GeoVision GV-ASWeb Remote Code Execution Vulnerability

Vulnerability

A remote code execution vulnerability exists in the Notification Settings feature of GeoVision GV-ASWeb version 6.2.0. This vulnerability allows an authenticated user with System Setting permissions to execute arbitrary commands on the server. Exploitation involves sending a crafted HTTP POST request to the ASWebCommon.srf backend endpoint, bypassing frontend restrictions.

Impact

Exploitation of this vulnerability allows for remote code execution on the server.

Added: May 6, 2026, 8:37 AM

Updated: May 6, 2026, 8:37 AM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

4.8

remediation

0.0

relevance

7.2

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

4.8

remediation

0.0

relevance

7.2

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

GeoVision GV-ASWeb Remote Code Execution Vulnerability

Vulnerability

Impact

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating