CVE-2026-57873: CWE-476 NULL pointer dereference in GeoVision Inc. GV-LPCLPC2011/2211
An unauthenticated NULL pointer dereference vulnerability exists in IEEE8021x_upload.cgi in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by improper validation of multipart upload headers when processing certificate-related upload fields. A remote attacker may exploit this vulnerability by sending a malformed multipart request, causing the affected CGI process to crash and resulting in a denial of service.
AI Analysis
Technical Summary
CVE-2026-57873 is a NULL pointer dereference vulnerability (CWE-476) in the IEEE8021x_upload.cgi component of GeoVision GV-LPC2011 and GV-LPC2211 devices running version 1.12 or earlier. The flaw arises from improper validation of multipart upload headers when processing certificate-related upload fields. This allows an unauthenticated remote attacker to send a specially crafted multipart request that causes the CGI process to dereference a NULL pointer, resulting in a crash and denial of service. No patch or official remediation has been published as of the data provided.
Potential Impact
The vulnerability enables an unauthenticated remote attacker to cause a denial of service by crashing the affected CGI process. There is no impact on confidentiality or integrity. The service disruption could affect availability of the device's functionality related to IEEE8021x certificate uploads.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until a fix is available, consider restricting access to the vulnerable CGI endpoint or implementing network-level protections to block malformed multipart requests targeting IEEE8021x_upload.cgi.
CVE-2026-57873: CWE-476 NULL pointer dereference in GeoVision Inc. GV-LPCLPC2011/2211
Description
An unauthenticated NULL pointer dereference vulnerability exists in IEEE8021x_upload.cgi in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by improper validation of multipart upload headers when processing certificate-related upload fields. A remote attacker may exploit this vulnerability by sending a malformed multipart request, causing the affected CGI process to crash and resulting in a denial of service.
CVSS v3.1
Score 7.5high
Affected software
Weaknesses
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
CVE-2026-57873 is a NULL pointer dereference vulnerability (CWE-476) in the IEEE8021x_upload.cgi component of GeoVision GV-LPC2011 and GV-LPC2211 devices running version 1.12 or earlier. The flaw arises from improper validation of multipart upload headers when processing certificate-related upload fields. This allows an unauthenticated remote attacker to send a specially crafted multipart request that causes the CGI process to dereference a NULL pointer, resulting in a crash and denial of service. No patch or official remediation has been published as of the data provided.
Potential Impact
The vulnerability enables an unauthenticated remote attacker to cause a denial of service by crashing the affected CGI process. There is no impact on confidentiality or integrity. The service disruption could affect availability of the device's functionality related to IEEE8021x certificate uploads.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until a fix is available, consider restricting access to the vulnerable CGI endpoint or implementing network-level protections to block malformed multipart requests targeting IEEE8021x_upload.cgi.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- GV
- Date Reserved
- 2026-06-26T02:40:42.397Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a3e2e3e4853345fc17628d8
Added to database: 06/26/2026, 07:46:06 UTC
Last enriched: 06/26/2026, 08:01:41 UTC
Last updated: 06/26/2026, 12:22:40 UTC
Views: 8
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.