A CSRF vulnerability exists in GeoVision GV-ASManager web application version 6.1.1.0 or earlier, enabling attackers to create Admin accounts via a crafted GET request. This exploit is often combined with CVE-2024-56903 for a successful CSRF attack.
An information disclosure vulnerability has been found in the GeoVision GV-ASManager web application with version 6.1.0.0 or lower. This vulnerability allows unauthorized access to sensitive information within the application, such as user accounts and clear text passwords, potentially leading to unauthorized access to monitoring cameras, access cards, and other critical data.
The vulnerability exists in GeoVision GV-ASManager web application version 6.1.0.0 or below. An attacker with network access and a low privilege account can perform unauthorized actions like enabling/disabling accounts, creating new accounts, modifying privileges, and accessing resources. After privilege escalation, the attacker can access monitoring cameras, employee information, change configurations, disrupt services, clone access control data, and retrieve cleartext passwords for further attacks.
Services By CQR