CVE-2026-57875: An unauthenticated NULL pointer dereference vulnerability exists in the HTTP request parsing logic of multiple CGI components in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earli
An unauthenticated
NULL pointer dereference vulnerability exists in the HTTP request parsing logic
of multiple CGI components in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and
earlier. The vulnerability is caused by improper validation of required HTTP
request metadata before it is used by the affected components. A remote attacker
may exploit this vulnerability by sending a specially crafted HTTP request,
causing the affected process to crash and resulting in a denial of service.
Details
Original advisory: https://nvd.nist.gov/vuln/detail/CVE-2026-57875
Exploitation outlook
EPSS (FIRST.org) estimates each CVE’s probability of exploitation in the next 30 days — here is the CSIRTS.com read on those numbers.
- Moderate exploitation riskCVE-2026-578751.3% 30-day exploitation probability. Patch within normal cadence, watch for KEV listing. Riskier than 66% of all scored CVEs.
Referenced CVEs
| CVE | CSIRTS overview | External |
|---|---|---|
| CVE-2026-57875 | coverage & exploitation status | NVD · CVE.org |
Recent advisories for An unauthenticated NULL
A cluster of recent advisories against the same product widens the attack surface — attackers routinely chain freshly published CVEs on one product, so review these together.
- highCVE-2026-60109: Zeek before 8.0.9 contains a null pointer dereference vulnerability in its Kerberos protocol a…nvd · 2026-07-09
- unknownCVE-2026-13084: A null pointer dereference vulnerability in WatchGuard Fireware OS may allow a remote unauthen…nvd · 2026-07-03
- highCVE-2026-56219: Capgo before 12.128.2 contains a NULL-auth bypass vulnerability in the public.get_org_user_acc…nvd · 2026-06-30
- highCVE-2026-57873: An unauthenticated NULL pointer dereference vulnerability exists in IEEE8021x_upload.cgi in Ge…nvd · 2026-06-26
More from NVD Recent CVEs
- highCVE-2026-58281: Deserialization of untrusted data in Microsoft Edge (Chromium-based) allows an unauthorized at…2026-07-11
- mediumCVE-2026-10660: The Bluetooth BAP Broadcast Assistant GATT client in subsys/bluetooth/audio/bap_broadcast_assi…2026-07-11
- lowCVE-2026-61870: ImageMagick before 7.1.2-26 contains a memory leak vulnerability in the VIFF encoder when memo…2026-07-11
- lowCVE-2026-61861: ImageMagick before 7.1.2-26 contains a use-after-free vulnerability in the FormatMagickCaption…2026-07-11
- lowCVE-2026-61858: ImageMagick before 7.1.2-26 contains a policy bypass vulnerability in the APNG encoder and ext…2026-07-11