CVE-2024-12553 – GeoVision GV-ASManager Missing Authorization Information Disclosure Vulnerability

https://notcve.org/view.php?id=CVE-2024-12553

GeoVision GV-ASManager Missing Authorization Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of GeoVision GV-ASManager. Although authentication is required to exploit this vulnerability, default guest credentials may be used. The specific flaw exists within the GV-ASWeb service. The issue results from the lack of authorization prior to allowing access to functionality. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. • https://www.zerodayinitiative.com/advisories/ZDI-24-1682 • CWE-862: Missing Authorization •