AI description
Automated description summarized from trusted sources.
CVE-2026-57872 describes an unauthenticated directory traversal vulnerability found in the `get_fcont.cgi` component of GeoVision GV-LPC2011 and GV-LPC2211 devices, specifically versions 1.12 and earlier. This flaw stems from inadequate validation of user-supplied file path input before the requested file is accessed by the CGI component. A remote attacker can exploit this vulnerability by crafting a specific request, enabling them to read arbitrary files accessible to the affected process. This unauthorized access to files can lead to information disclosure.
- Description: An unauthenticated directory traversal vulnerability exists in get_fcont.cgi in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by insufficient validation of user-supplied file path input before the requested file is accessed by the CGI component. A remote attacker may exploit this vulnerability by sending a crafted request to read arbitrary files accessible to the affected process, resulting in information disclosure.
- Source: 0df08a0e-a200-4957-9bb0-084f562506f9
- NVD status: Deferred
CVSS 3.1
- Type: Secondary
- Base score: 7.5
- Impact score: 3.6
- Exploitability score: 3.9
- Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
- Severity: HIGH
- 0df08a0e-a200-4957-9bb0-084f562506f9
- CWE-22
Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.
- Hype score: 7