CVE-2026-42364 -- CVSS 9.9 Vulnerability Briefing

CVE-2026-42364 | CVSS 9.9 (Critical) | Exploit: No known exploit

What Is It

CVE-2026-42364 is an OS command injection vulnerability in the DdnsSetting.cgi component of GeoVision GV-LPC2011 and GV-LPC2211 license plate capture camera firmware version 1.10.

Technical Detail

The flaw exists in the DDNS configuration handler (DdnsSetting.cgi), where user-supplied input is passed to an OS-level command without adequate sanitization or escaping. An attacker who can submit a specially crafted DDNS configuration request can inject arbitrary shell commands that execute in the context of the device's underlying operating system, resulting in unauthenticated or authenticated remote code execution depending on the attack vector. With a CVSS score of 9.9, the vulnerability is assessed as near-maximum severity, consistent with full device compromise including persistent access, lateral movement into connected network segments, and potential use of the device as a network pivot point.

Exploitation Status

No known exploit code has been publicly observed or confirmed as of May 10, 2026. This vulnerability is not currently listed in the CISA Known Exploited Vulnerabilities catalog. Exploit maturity is currently assessed as "no known exploit", though OS command injection in embedded CGI handlers is straightforward to exploit, so the barrier to developing functional exploit code is relatively low.

Who Is Targeting This

No specific threat actor attribution at this time. No campaigns or targeted sectors have been associated with this CVE in available intelligence. Physical security and surveillance devices from vendors such as GeoVision have historically attracted interest from botnets and opportunistic actors scanning for exposed IoT endpoints, but no confirmed targeting of this specific vulnerability has been reported.

What To Do

Organizations operating GeoVision GV-LPC2011 or GV-LPC2211 devices running firmware version 1.10 should check with GeoVision for an available firmware patch and apply it immediately given the critical severity rating. If a patch is not yet available, restrict network access to the device management interface by placing affected devices behind a firewall or network access control policy that prevents untrusted hosts from reaching the CGI interface, particularly over external or untrusted network segments. Disable DDNS configuration functionality at the network perimeter if it is not operationally required. Monitor device logs and network traffic for unexpected outbound connections or unusual process execution originating from these devices. Inventory all deployed GeoVision LPC-series devices to ensure full coverage of remediation efforts.
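One way to act on the monitoring advice above is to review web access logs for requests that reach the DDNS handler. This is an added example, not code from GeoVision or from this briefing; it assumes a reverse proxy in front of the cameras writing combined-format access logs, and the trusted subnet, the `/PLACEHOLDER/` path and the `host` parameter name are all constructed for illustration.

```python
import ipaddress
import re
from urllib.parse import parse_qsl, unquote_plus

TRUSTED_NETS = [ipaddress.ip_network("10.20.0.0/24")]  # assumed management subnet
SHELL_META = re.compile(r"[;&|`$<>\n\r]")  # never valid in a DDNS field value
# Combined log format: client, ident, user, [time], "METHOD target PROTO"
LINE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]*\] "[A-Z]+ (?P<target>\S+) [^"]*"')

# Constructed sample lines; /PLACEHOLDER/ and the "host" parameter are made up.
SAMPLE_LOG = [
    '10.20.0.5 - - [10/May/2026:09:00:01 +0000] "GET /PLACEHOLDER/DdnsSetting.cgi?host=cam1.example.net HTTP/1.1" 200 512',
    '203.0.113.9 - - [10/May/2026:09:02:13 +0000] "GET /PLACEHOLDER/DdnsSetting.cgi?host=cam1.example.net HTTP/1.1" 200 512',
    '10.20.0.7 - - [10/May/2026:09:05:44 +0000] "GET /PLACEHOLDER/DdnsSetting.cgi?host=x%253By HTTP/1.1" 200 512',
    '10.20.0.5 - - [10/May/2026:09:06:00 +0000] "GET /index.html HTTP/1.1" 200 100',
]

def classify(line):
    """Return None for unrelated lines, else (client, reasons) for the DDNS handler."""
    m = LINE.match(line)
    if not m:
        return None
    path, _, query = m.group("target").partition("?")
    if not path.lower().endswith("/ddnssetting.cgi"):
        return None
    reasons = []
    try:
        trusted = any(ipaddress.ip_address(m.group("ip")) in n for n in TRUSTED_NETS)
    except ValueError:  # the proxy logged a hostname instead of an address
        trusted = False
    if not trusted:
        reasons.append("untrusted-source")
    for _name, value in parse_qsl(query, keep_blank_values=True):
        # parse_qsl decodes once; decode again to catch double-encoded input.
        if SHELL_META.search(unquote_plus(value)):
            reasons.append("shell-metacharacter")
            break
    return m.group("ip"), reasons

def scan(lines):
    """Return only the DdnsSetting.cgi requests that need review."""
    hits = (classify(line) for line in lines)
    return [hit for hit in hits if hit and hit[1]]

if __name__ == "__main__":
    for client, reasons in scan(SAMPLE_LOG):
        print(client, ",".join(reasons))
```

Access logs record only the request line, so parameters sent in a POST body are not visible to this check; the untrusted-source rule still fires for those requests.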
