CVE-2026-57872

Published Jun 26, 2026

Last updated 7 days ago

Overview

AI description

Automated description summarized from trusted sources.

CVE-2026-57872 describes an unauthenticated directory traversal vulnerability found in the `get_fcont.cgi` component of GeoVision GV-LPC2011 and GV-LPC2211 devices, specifically versions 1.12 and earlier. This flaw stems from inadequate validation of user-supplied file path input before the requested file is accessed by the CGI component. A remote attacker can exploit this vulnerability by crafting a specific request, enabling them to read arbitrary files accessible to the affected process. This unauthorized access to files can lead to information disclosure.

Description

An unauthenticated directory traversal vulnerability exists in get_fcont.cgi in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by insufficient validation of user-supplied file path input before the requested file is accessed by the CGI component. A remote attacker may exploit this vulnerability by sending a crafted request to read arbitrary files accessible to the affected process, resulting in information disclosure.

Source: 0df08a0e-a200-4957-9bb0-084f562506f9
NVD status: Deferred

Risk scores

CVSS 3.1

Type: Secondary
Base score: 7.5
Impact score: 3.6
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Severity: HIGH

Weaknesses

0df08a0e-a200-4957-9bb0-084f562506f9
CWE-22

Social media

Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.

Hype score

7
