VYPR

GV-ASWeb

by Geovision

CVEs (5)

  • CVE-2025-26264HigFeb 27, 2025
    risk 0.62cvss 8.8epss 0.20

    GeoVision GV-ASWeb with the version 6.1.2.0 or less (fixed in 6.2.0), contains a Remote Code Execution (RCE) vulnerability within its Notification Settings feature. An authenticated attacker with "System Settings" privileges in ASWeb can exploit this flaw to execute arbitrary…

  • CVE-2024-56901HigFeb 3, 2025
    risk 0.60cvss 8.8epss 0.02

    A Cross-Site Request Forgery (CSRF) vulnerability in Geovision GV-ASWeb application with the version 6.1.1.0 or less that allows attackers to arbitrarily create Administrator accounts via a crafted GET request method. This vulnerability is used in chain with CVE-2024-56903 for a…

  • CVE-2024-56898HigFeb 3, 2025
    risk 0.60cvss 8.8epss 0.02

    Broken access control vulnerability in Geovision GV-ASWeb with version v6.1.0.0 or less. This vulnerability allows low privilege users perform actions that they aren't authorized to, which can be leveraged to escalate privileges, create, modify or delete accounts.

  • CVE-2026-7841HigMay 6, 2026
    risk 0.57cvss 8.8epss 0.01

    A remote code execution vulnerability exists in Notification Settings on GeoVision GV-ASWeb 6.2.0. An authenticated user with System Setting permissions can execute arbitrary commands on the server by sending a crafted HTTP POST request to the ASWebCommon.srf backend endpoint to…

  • CVE-2024-56903HigFeb 3, 2025
    risk 0.53cvss 8.1epss 0.00

    Geovision GV-ASWeb with the version 6.1.1.0 or less allows attackers to modify POST request method with the GET against critical functionalities, such as account management. This vulnerability is used in chain with CVE-2024-56901 for a successful CSRF attack.