CVE-2024-56902
Published 2025-02-03
Priority: P2 · 62 · Severity: High · CVSS 3.1 base score: 7.5
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploit: available
EPSS: 21.32% (97.3rd percentile)
Information disclosure vulnerability in Geovision GV-ASManager web application with the version v6.1.0.0 or less, which discloses account information, including cleartext password.
Detection & IOCs (extracted from sources)
URL: /ASWeb/bin/ASWebCommon.srf
Cookie: GvWebUser|3d| (Suricata hex notation for "GvWebUser=")
Snort/Suricata rule options (sid 2061365):
ET WEB_SPECIFIC_APPS GeoVision GV-ASManager <v6.1.0.0 Information Disclosure (CVE-2024-56902); flow:established,to_server; http.method; content:"POST"; http.uri; content:"/ASWeb/bin/ASWebCommon.srf"; fast_pattern; http.cookie; content:"GvWebUser|3d|"; http.request_body; content:"action|3d|UA|5f|"; reference:url,github.com/DRAGOWN/CVE-2024-56902; reference:cve,2024-56902; classtype:web-application-attack; sid:2061365; rev:1;
- Detect POST requests to /ASWeb/bin/ASWebCommon.srf with a body containing 'action=UA_': this is the exploit endpoint used to enumerate and retrieve cleartext account credentials from GV-ASManager.
- The specific POST body parameter 'action=UA_GetAllUserAccount' triggers the information disclosure, returning all user accounts including cleartext passwords.
- The Guest account is enabled by default with an empty password (Username: Guest; Password: [empty]) and can be used to authenticate and trigger the vulnerability. Because that default credential is empty, the effective barrier is none, which is consistent with the PR:N in the CVSS vector above.
- Use the Google Dork 'inurl:"ASWeb/Login"' to identify publicly exposed GV-ASManager instances on the internet.
- The X-Requested-With: XMLHttpRequest header is present in exploit requests; correlate it with a POST to /ASWeb/bin/ASWebCommon.srf for higher-fidelity detection.
- The vulnerability affects GV-ASManager v6.1.0.0 and earlier; the CSRF chain (CVE-2024-56901/56903) affects v6.1.1.0 and earlier. Ensure version scoping is correct when applying detections.
- The Snort/ET rule (sid:2061365) uses the cookie content 'GvWebUser|3d|' (|3d| is the hex escape for '=') as a key filter; ensure your inspection engine decodes URL-encoded cookie values or adjust the pattern accordingly.
- CVE-2024-56902 is commonly chained with CVE-2024-56901 (CSRF account creation), CVE-2024-56903 (GET method bypass) and CVE-2024-56898 (broken access control); detections for this CVE alone may miss the full attack chain.
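The rule logic and correlations from the notes above, expressed as an added Python example that is not part of the indexed sources or the DRAGOWN PoC. It parses raw HTTP/1.1 requests (for instance from a proxy log or a capture), applies the four content matches of sid 2061365, raises the verdict to high fidelity only when the X-Requested-With header and the UA_GetAllUserAccount action are both present, and applies the version scoping stated in the notes. The sample requests, the host name, the cookie value "Guest" and the non-disclosing action names are constructed for this example.

```python
"""Detection logic for CVE-2024-56902 exploitation attempts against GV-ASManager.

Mirrors ET sid:2061365 (POST to /ASWeb/bin/ASWebCommon.srf, cookie GvWebUser=,
body action=UA_) and layers on the higher-fidelity signals from the notes:
the X-Requested-With: XMLHttpRequest header and action=UA_GetAllUserAccount.
Also applies the version scoping from the notes. Sample requests below are
constructed for this example, not captured traffic.
"""
from dataclasses import dataclass, field
from urllib.parse import parse_qs

ENDPOINT = "/ASWeb/bin/ASWebCommon.srf"


@dataclass
class HttpRequest:
    method: str
    uri: str
    headers: dict = field(default_factory=dict)  # header names lowercased
    body: str = ""


def parse_raw_request(raw: str) -> HttpRequest:
    """Split a raw HTTP/1.1 request (CRLF line endings) into method, URI, headers, body."""
    head, _, body = raw.partition("\r\n\r\n")
    request_line, *header_lines = head.split("\r\n")
    method, uri, _version = request_line.split(" ", 2)
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return HttpRequest(method, uri, headers, body)


def matches_et_2061365(req: HttpRequest) -> bool:
    """The four content matches of the rule; |3d| and |5f| are Suricata hex for '=' and '_'."""
    return (
        req.method == "POST"
        and ENDPOINT in req.uri
        and "GvWebUser=" in req.headers.get("cookie", "")
        and "action=UA_" in req.body
    )


def classify(req: HttpRequest) -> str:
    """Return 'none' (no match), 'low' (rule match only) or 'high' (rule plus correlations)."""
    if not matches_et_2061365(req):
        return "none"
    action = parse_qs(req.body, keep_blank_values=True).get("action", [""])[0]
    is_xhr = req.headers.get("x-requested-with", "").lower() == "xmlhttprequest"
    if action == "UA_GetAllUserAccount" and is_xhr:
        return "high"
    return "low"


def applicable_cves(version: str) -> list:
    """Version scoping from the notes: 56902/56898 affect <= 6.1.0.0, the CSRF chain <= 6.1.1.0."""
    parts = [int(p) for p in version.split(".")]
    v = tuple(parts + [0] * (4 - len(parts)))  # pad short versions like "6.1" to four fields
    cves = []
    if v <= (6, 1, 0, 0):
        cves += ["CVE-2024-56902", "CVE-2024-56898"]
    if v <= (6, 1, 1, 0):
        cves += ["CVE-2024-56901", "CVE-2024-56903"]
    return cves


# Constructed samples. The host, the cookie value "Guest" and the action names
# "UA_GetUserAccount" and "GetSystemTime" are assumptions made for this example.
SAMPLE_EXPLOIT = (
    "POST /ASWeb/bin/ASWebCommon.srf HTTP/1.1\r\n"
    "Host: asmanager.example.internal\r\n"
    "Cookie: GvWebUser=Guest\r\n"
    "X-Requested-With: XMLHttpRequest\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n"
    "\r\n"
    "action=UA_GetAllUserAccount"
)
# Same endpoint and cookie, another UA_ action, no XHR header: rule fires, lower fidelity.
SAMPLE_RULE_ONLY = SAMPLE_EXPLOIT.replace("X-Requested-With: XMLHttpRequest\r\n", "").replace(
    "UA_GetAllUserAccount", "UA_GetUserAccount"
)
# Same endpoint and cookie but a non-UA_ action: rule does not fire.
SAMPLE_BENIGN = SAMPLE_EXPLOIT.replace("action=UA_GetAllUserAccount", "action=GetSystemTime")


if __name__ == "__main__":
    for name, raw in [("exploit", SAMPLE_EXPLOIT), ("rule-only", SAMPLE_RULE_ONLY), ("benign", SAMPLE_BENIGN)]:
        print(f"{name:10s} -> {classify(parse_raw_request(raw))}")
    print("6.1.0.0 ->", applicable_cves("6.1.0.0"))
    print("6.1.1.0 ->", applicable_cves("6.1.1.0"))
```

The "low" verdict is deliberately kept: any UA_ action against this endpoint is worth a ticket on a host that should not be reachable from the internet, while the "high" verdict is what should page someone.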
Suricata
ET WEB_SPECIFIC_APPS GeoVision GV-ASManager <v6.1.0.0 Information Disclosure (CVE-2024-56902)
suricata · 2025-04-08 · CVSS 7.5 · CVE-2024-56902 [HIGH]
$HOME_NET any (msg:"ET WEB_SPECIFIC_APPS GeoVision GV-ASManager <v6.1.0.0 Information Disclosure (CVE-2024-56902)"; flow:established,to_server; http.method; content:"POST"; http.uri; content:"/ASWeb/bin/ASWebCommon.srf"; fast_pattern; http.cookie; content:"GvWebUser|3d|"; http.request_body; content:"action|3d|UA|5f|"; reference:url,github.com/DRAGOWN/CVE-2024-56902; reference:cve,2024-56902; classtype:web-application-attack; sid:2061365; rev:1; metadata:attack_target Server, created_at 2025_04_08, cve CVE_2024_56902, deployment Perimeter, deployment Internal, confidence High, signature_severity Major, tag Exploit, updated_at 2025_04_08, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1190, mitre_technique_name Exploi
Exploit-DB
GeoVision GV-ASManager 6.1.1.0 - CSRF
exploitdb · 2025-04-11 · CVSS 8.8 · CVE-2024-56901 [HIGH]
---
# Exploit Title: GeoVision GV-ASManager 6.1.1.0 - CSRF
# Google Dork: inurl:"ASWeb/Login"
# Date: 02-FEB-2025
# Exploit Author: Giorgi Dograshvili [DRAGOWN]
# Vendor Homepage: https://www.geovision.com.tw/
# Software Link: https://www.geovision.com.tw/download/product/
# Version: 6.1.1.0 or less
# Tested on: Windows 10 | Kali Linux
# CVE : CVE-2024-56901
# PoC: https://github.com/DRAGOWN/CVE-2024-56901
A Cross-Site Request Forgery (CSRF) vulnerability in Geovision GV-ASManager web application with the version 6.1.1.0 or less that allows attackers to arbitrarily create Admin accounts via a crafted GET request method. This vulnerability is used in chain with CVE-2024-56903 for a successful CSRF attack.
Requirements
To perform successful attack an
Exploit-DB
GeoVision GV-ASManager 6.1.0.0 - Broken Access Control
exploitdb · 2025-04-11 · CVSS 8.8 · CVE-2024-56898 [HIGH]
---
# Exploit Title: Broken Access Control in GeoVision GV-ASManager
# Google Dork: inurl:"ASWeb/Login"
# Date: 02-FEB-2025
# Exploit Author: Giorgi Dograshvili [DRAGOWN]
# Vendor Homepage: https://www.geovision.com.tw/
# Software Link: https://www.geovision.com.tw/download/product/
# Version: 6.1.0.0 or less
# Tested on: Windows 10 | Kali Linux
# CVE : CVE-2024-56898
# PoC: https://github.com/DRAGOWN/CVE-2024-56898
Broken access control vulnerability in Geovision GV-ASManager web application with version v6.1.0.0 or less.
Requirements
To perform a successful attack an attacker requires:
- GeoVision ASManager version 6.1.0.0 or less
- Network access to the GV-ASManager web application (in some cases it is publicly accessible)
-
Exploit-DB
GeoVision GV-ASManager 6.1.0.0 - Information Disclosure
exploitdb · 2025-04-08 · CVSS 7.5 · CVE-2024-56902 [HIGH]
---
# Exploit Title: Information Disclosure in GeoVision GV-ASManager
# Google Dork: inurl:"ASWeb/Login"
# Date: 02-FEB-2025
# Exploit Author: Giorgi Dograshvili [DRAGOWN]
# Vendor Homepage: https://www.geovision.com.tw/
# Software Link: https://www.geovision.com.tw/download/product/
# Version: 6.1.0.0 or less
# Tested on: Windows 10 | Kali Linux
# CVE : CVE-2024-56902
# PoC: https://github.com/DRAGOWN/CVE-2024-56902
Information disclosure vulnerability in Geovision GV-ASManager web application with version v6.1.0.0 or less.
Requirements
To perform a successful attack an attacker requires:
- GeoVision ASManager version 6.1.0.0 or less
- Network access to the GV-ASManager web application (there are cases when there are public access
No writeups or analysis indexed.