A critical stack-based buffer overflow in GeoVision GV-LPC2011/2211 allows unauthenticated remote attackers to achieve arbitrary code execution or cause system-wide denial of service.

This vulnerability is a stack-based buffer overflow located in the thttpd web service, triggered by insufficient bounds checking on HTTP request parameters. An unauthenticated remote attacker can exploit this by sending a specially crafted, overly long HTTP request to a specific path.

The CVSS score of 9.8 reflects the high risk of full system compromise. Successful exploitation allows an attacker to gain unauthorized control over the device, potentially leading to total loss of confidentiality, integrity, and availability of the affected surveillance hardware.

Immediate Action: Update the firmware of all affected GeoVision GV-LPC2011 and GV-LPC2211 units to the latest available vendor-provided version.

Proactive Monitoring: Monitor device logs for unusual HTTP request patterns or frequent crashes of the thttpd service that may indicate exploitation attempts.

Compensating Controls: Implement strict network segmentation and utilize a Web Application Firewall (WAF) to filter and block malformed HTTP requests targeting the device’s interface.

Public Exploit Available: Unknown

Given the critical severity of this vulnerability and the ease with which an unauthenticated attacker can trigger the overflow, immediate patching is required. Organizations should prioritize the deployment of the vendor's firmware update to mitigate the risk of remote code execution.