Loading HuntDB...

GHSA-w2j2-w2qw-9vjm

GitHub Security Advisory

⚠ Unreviewed MODERATE Has CVE

Advisory Details

GeoVision GV-ASManager Missing Authorization Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of GeoVision GV-ASManager. Although authentication is required to exploit this vulnerability, default guest credentials may be used.

The specific flaw exists within the GV-ASWeb service. The issue results from the lack of authorization prior to allowing access to functionality. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-25394.

Related CVEs

Key Information

GHSA ID
GHSA-w2j2-w2qw-9vjm
Published
December 14, 2024 12:31 AM
Last Modified
December 14, 2024 12:31 AM
CVSS Score
5.0 /10
Primary Ecosystem
Unknown
Primary Package
Unknown
GitHub Reviewed
✗ No

Dataset

Last updated: July 28, 2025 6:37 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.