CVE-2024-12553

Name of the Vulnerable Software and Affected Versions GeoVision GV-ASManager (affected versions not specified)

Description The issue is related to a lack of authorization procedure in the GeoVision GV-ASManager software, allowing remote attackers to disclose sensitive information on affected installations. Although authentication is required to exploit this issue, default guest credentials may be used. The specific flaw exists within the GV-ASWeb service and results from the lack of authorization prior to allowing access to functionality. An attacker can leverage this issue to disclose stored credentials, leading to further compromise.

Recommendations At the moment, there is no information about a newer version that contains a fix for this issue.