Skip to main content
COSMICBYTEZLABS
NewsSecurityHOWTOsToolsTraining
StudyProjectsNewsletterHire MeAbout
Subscribe

Press Enter to search or Esc to close

News
Security
HOWTOs
Tools
Training
Study
Projects
Newsletter
Hire Me
About
RSS Feed
Reading List
Subscribe

Stay in the Loop

Get the latest security alerts, tutorials, and tech insights delivered to your inbox.

Subscribe NowFree forever. No spam.
COSMICBYTEZLABS

Your trusted source for IT intelligence, cybersecurity insights, and hands-on technical guides.

1794+ Articles
149+ Guides

CONTENT

  • Latest News
  • Security Alerts
  • HOWTOs
  • Checklists
  • Projects
  • Exam Prep

RESOURCES

  • Search
  • Browse Tags
  • Newsletter Archive
  • Reading List
  • RSS Feed

COMPANY

  • About Us
  • Contact
  • Privacy Policy
  • Terms of Service

© 2026 CosmicBytez Labs. All rights reserved.

System Status: Operational
  1. Home
  2. Security
  3. GeoVision LPC Camera Critical RCE via ssvr RTSP Auth Buffer Overflow (CVE-2026-57879)
GeoVision LPC Camera Critical RCE via ssvr RTSP Auth Buffer Overflow (CVE-2026-57879)

Critical Security Alert

This vulnerability is actively being exploited. Immediate action is recommended.

SECURITYCRITICALCVE-2026-57879

GeoVision LPC Camera Critical RCE via ssvr RTSP Auth Buffer Overflow (CVE-2026-57879)

A critical unauthenticated stack-based buffer overflow in the ssvr RTSP service of GeoVision GV-LPC2011 and GV-LPC2211 cameras allows remote attackers to...

Dylan H.

Security Team

June 26, 2026
4 min read

Affected Products

  • GeoVision GV-LPC2011 V1.12 and earlier
  • GeoVision GV-LPC2211 V1.12 and earlier

Executive Summary

A critical unauthenticated stack-based buffer overflow vulnerability has been identified in the ssvr streaming service of GeoVision GV-LPC2011 and GV-LPC2211 license plate recognition cameras (firmware V1.12 and earlier). Tracked as CVE-2026-57879 with a CVSS score of 9.8 (Critical), the vulnerability is exploitable by a remote unauthenticated attacker who sends specially crafted RTSP custom authentication data, potentially leading to arbitrary code execution.

CVSS Score: 9.8 (Critical)


Vulnerability Overview

AttributeValue
CVE IDCVE-2026-57879
CVSS Score9.8 (Critical)
TypeStack-Based Buffer Overflow
Componentssvr (RTSP streaming server)
Attack VectorNetwork
AuthenticationNone required
Privileges RequiredNone
User InteractionNone
Availability ImpactHigh
Confidentiality ImpactHigh
Integrity ImpactHigh

Root Cause

The ssvr (streaming server) component in GeoVision LPC cameras exposes an RTSP interface for video streaming. When processing RTSP custom authentication data, the service copies attacker-supplied data into a stack buffer without validating its length. An oversized authentication payload can overflow the buffer, corrupting stack frames and enabling an attacker to redirect execution to arbitrary code.


Affected Products

ProductAffected FirmwareFixed Version
GeoVision GV-LPC2011V1.12 and earlierTBD
GeoVision GV-LPC2211V1.12 and earlierTBD

Technical Analysis

Attack Mechanism

RTSP (Real Time Streaming Protocol) is used by GeoVision LPC cameras for delivering live video streams. The ssvr daemon listens for incoming RTSP connections (typically TCP port 554). An attacker can:

  1. Connect to the RTSP service on the camera (no authentication required to initiate).
  2. Send a crafted RTSP message containing oversized custom authentication data.
  3. The ssvr service copies the supplied data into a fixed-size stack buffer without bounds checking.
  4. The stack overflow overwrites the return address or function pointers.
  5. The attacker gains arbitrary code execution — potentially as root — on the embedded device.

RTSP Exposure

RTSP on port 554 is frequently opened in firewall rules to allow remote viewing of camera feeds, making this attack surface commonly reachable from untrusted or semi-trusted networks. Many deployments expose RTSP directly to the internet or corporate WAN for monitoring purposes, significantly widening the attack surface.


Risk Assessment

Deployment Context

GeoVision LPC cameras are widely deployed for:

  • License plate recognition at parking facilities
  • Physical access control at building entrances
  • Traffic management and law enforcement support systems

Potential Impact

  • Arbitrary remote code execution on the camera
  • Camera feed manipulation or disabling — bypassing physical security
  • Network persistence — using the camera as a foothold to attack internal network resources
  • Data exfiltration — accessing captured license plate images and recognition data

Remediation

Immediate Steps

  1. Monitor for firmware patches from GeoVision and apply when available.
  2. Block external access to RTSP (port 554) from untrusted networks at the perimeter firewall.
  3. Move cameras to an isolated IoT VLAN with no direct internet connectivity.
  4. Review whether RTSP streaming is required from untrusted network zones; disable if not needed.

Network Mitigations

ControlAction
FirewallBlock TCP 554 inbound from untrusted/internet sources
VLAN isolationSegment camera networks from corporate IT infrastructure
IDS/IPSAlert on malformed RTSP authentication payloads targeting GeoVision devices
VPNRequire VPN access before any RTSP viewing is permitted

Detection

Network Indicators

IndicatorDescription
Oversized RTSP auth payloads to camera IP rangePotential exploitation attempt
Unexpected outbound TCP connections from camera IPsPost-exploitation lateral movement or C2
Camera service crashes or unexpected rebootsBuffer overflow causing instability

Key Takeaways

  1. CVSS 9.8 Critical — Unauthenticated overflow via RTSP streaming interface.
  2. RTSP is commonly internet-exposed on surveillance camera deployments — broad attack surface.
  3. No credentials required — Any internet-reachable camera running firmware V1.12 or earlier is at risk.
  4. Part of a cluster of four critical CVEs affecting the same GeoVision LPC camera platform.
  5. Isolate and patch — Block RTSP externally until GeoVision releases patched firmware.

References

  • NVD — CVE-2026-57879
  • GeoVision Official Website

Related Advisories

  • GeoVision LPC Camera thttpd Web Server Buffer Overflow (CVE-2026-57878)
  • GeoVision LPC Camera ssvr RTSP Digest Buffer Overflow (CVE-2026-57880)
  • GeoVision LPC Camera vlsvr Remote Login Buffer Overflow (CVE-2026-57881)
#GeoVision#CVE-2026-57879#Buffer Overflow#RTSP#IoT Security#IP Camera#RCE

Related Articles

GeoVision LPC Camera Critical RCE via ssvr RTSP Digest Auth Buffer Overflow (CVE-2026-57880)

A critical unauthenticated stack-based buffer overflow in GeoVision GV-LPC2011 and GV-LPC2211 cameras allows remote code execution by exploiting...

5 min read

GeoVision LPC Camera Critical RCE via thttpd Buffer Overflow (CVE-2026-57878)

A critical unauthenticated stack-based buffer overflow in thttpd on GeoVision GV-LPC2011 and GV-LPC2211 cameras allows remote attackers to execute...

5 min read

GeoVision LPC Camera Critical RCE via vlsvr Remote Login Buffer Overflow (CVE-2026-57881)

A critical unauthenticated stack-based buffer overflow in the vlsvr daemon of GeoVision GV-LPC2011 and GV-LPC2211 cameras allows remote code execution...

6 min read
Back to all Security Alerts