CVE-2026-42365

GeoVision · LPC2011/LPC2211

A guessable session cookie vulnerability in the GeoVision LPC2011/LPC2211 web interface allows unauthorized access to administrative sessions.

Executive summary

A high-severity session management flaw in GeoVision LPC2011/LPC2211 devices allows attackers to hijack administrative sessions, potentially leading to complete device compromise.

Vulnerability

The web interface employs guessable session cookies, which can be exploited by an attacker to bypass authentication mechanisms and impersonate an active administrative user.

Business impact

With a CVSS score of 8.6, this vulnerability poses a high risk to organizational security. Successful session hijacking grants the attacker full control over the device configuration, allowing them to manipulate settings and compromise the device's intended function.

Remediation

Immediate Action: Update the firmware for the affected GeoVision devices to the latest version to address the session management weakness.

Proactive Monitoring: Review web access logs for unusual session cookie patterns or multiple logins from the same session ID.

Compensating Controls: Restrict access to the web interface to trusted management networks and, where possible, use a WAF to monitor for suspicious cookie activity.
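
Example (added here, not code from GeoVision or from this advisory): a log review for the Proactive Monitoring step that flags a session ID accepted from more than one client address and a client presenting many distinct session IDs. The log line format, the `sid=` field name and the threshold are assumptions, and the sample lines are constructed.

```python
import re
from collections import defaultdict

# Constructed sample lines; the format "<client> <time> <status> <path> sid=<cookie>"
# is an assumption, not the device's documented log format.
SAMPLE_LOG = """\
10.0.5.20 2026-01-10T09:00:01Z 200 /index.html sid=c41d
10.0.5.20 2026-01-10T09:00:09Z 200 /config.html sid=c41d
192.0.2.77 2026-01-10T09:01:00Z 401 /config.html sid=07aa
192.0.2.77 2026-01-10T09:01:01Z 401 /config.html sid=9e30
192.0.2.77 2026-01-10T09:01:02Z 401 /config.html sid=51bf
192.0.2.77 2026-01-10T09:01:03Z 401 /config.html sid=e802
192.0.2.77 2026-01-10T09:01:04Z 200 /config.html sid=c41d
this line does not match and is skipped
"""

LINE_RE = re.compile(
    r"^(?P<client>\S+) (?P<time>\S+) (?P<status>\d{3}) (?P<path>\S+) sid=(?P<sid>\S+)$"
)

def parse(log_text):
    """Return (client, status, sid) tuples, skipping lines that do not match."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            events.append((m["client"], int(m["status"]), m["sid"]))
    return events

def shared_sessions(events):
    """Session IDs the server accepted (status < 400) from more than one client."""
    clients = defaultdict(set)
    for client, status, sid in events:
        if status < 400:
            clients[sid].add(client)
    return {sid: sorted(c) for sid, c in clients.items() if len(c) > 1}

def cookie_churn(events, threshold=4):
    """Clients that presented at least `threshold` distinct session IDs."""
    sids = defaultdict(set)
    for client, _status, sid in events:
        sids[client].add(sid)
    return {c: len(s) for c, s in sids.items() if len(s) >= threshold}

if __name__ == "__main__":
    ev = parse(SAMPLE_LOG)
    print("shared session IDs:", shared_sessions(ev))
    print("high cookie churn:", cookie_churn(ev))
```

Run it over one bounded slice of the log at a time (for example, per hour) so that legitimate address changes across days do not accumulate into false positives.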

Exploitation status

Public Exploit Available: false

Analyst recommendation

Administrators should act promptly to update their GeoVision devices. Session hijacking is a common attack vector, and remediating this flaw is essential to ensuring that administrative sessions remain secure and private.