{"id":14307,"date":"2025-08-26T01:50:45","date_gmt":"2025-08-26T01:50:45","guid":{"rendered":"http:\/\/localhost\/?p=14307"},"modified":"2025-08-26T01:50:45","modified_gmt":"2025-08-26T01:50:45","slug":"geovision-asmanager-windows-application-6120-credentials-disclosure","status":"publish","type":"post","link":"https:\/\/zero.redgem.net\/?p=14307","title":{"rendered":"GeoVision ASManager Windows Application 6.1.2.0 – Credentials Disclosure_EDB-ID:52423"},"content":{"rendered":"

{“lastseen”:”2025-08-26T06:08:56″,”description”:”Exploit……………”,”published”:”2025-08-26T00:00:00″,”modified”:”2025-08-26T00:00:00″,”type”:”exploitdb”,”title”:”GeoVision ASManager Windows Application 6.1.2.0 – Credentials Disclosure”,”source”:””,”references”:””,”id”:”EDB-ID:52423″,”bulletinFamily”:”exploit”,”cwe”:null,”cvelist”:[“CVE-2025-26263″],”sourceData”:”# Exploit Title: GeoVision ASManager Windows Application 6.1.2.0 – Credentials Disclosure\\r\\n# Date: 19-MAR-2025\\r\\n# Exploit Author: Giorgi Dograshvili [DRAGOWN]\\r\\n# Vendor Homepage: https:\/\/www.geovision.com.tw\/\\r\\n# Software Link: https:\/\/www.geovision.com.tw\/download\/product\/\\r\\n# Version: 6.1.2.0 or less\\r\\n# Tested on: Windows 10 | Kali Linux\\r\\n# CVE : CVE-2025-26263\\r\\n# PoC: https:\/\/github.com\/DRAGOWN\/CVE-2025-26263\\r\\n\\r\\nGeoVision ASManager Windows desktop application with the version 6.1.2.0 or less, is vulnerable to credentials disclosure due to improper memory handling in the ASManagerService.exe process.\\r\\n\\r\\nRequirements\\r\\nTo perform successful attack an attacker requires:\\r\\n- System level access to the GV-ASManager windows desktop application with the version 6.1.2.0 or less;\\r\\n- A high privilege account to dump the memory.\\r\\n\\r\\nImpact\\r\\nThe vulnerability can be leveraged to perform the following unauthorized actions:\\r\\n- An attacker with high privilege system user, who isn’t authorized to access GeoVision ASManager, is able to:\\r\\n– Dump ASManager accounts credentials;\\r\\n– Authenticate in ASManager.\\r\\n- After the authenticating in ASManager, an attacker will be able to:\\r\\n– Access the resources such as monitoring cameras, access cards, parking cars, employees and visitors, etc.\\r\\n– Make changes in data and service network configurations such as employees, access card security information, IP addresses and configurations, etc.\\r\\n– Disrupt and disconnect services such as monitoring cameras, access controls.\\r\\n– Clone and duplicate access control data for further attack scenarios.\\r\\n\\r\\nPoC\\r\\nThe steps for a successful exploitation are described in the following GitHub article with screenshots:\\r\\n- https:\/\/github.com\/DRAGOWN\/CVE-2025-26263\\r\\n\\r\\nAfter a successful attack, you will get administrative access to:\\r\\n- ASManager – Access \\u0026 Security Management software in OS\\r\\n- ASWeb – Access \\u0026 Security Management \\r\\n- TAWeb – Time and Attendance Management \\r\\n- VMWeb – Visitor Management”,”sourceHref”:”https:\/\/www.exploit-db.com\/raw\/52423″,”cvss”:{“score”:5.1,”severity”:”MEDIUM”,”vector”:”CVSS:3.1\/AV:L\/AC:L\/PR:H\/UI:N\/S:U\/C:H\/I:L\/A:N”,”version”:”3.1″},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:”https:\/\/www.exploit-db.com\/exploits\/52423″,”category_name”:”Exploit”,”post_link”:””,”product”:””,”version”:””,”vendor”:””,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"

{“lastseen”:”2025-08-26T06:08:56″,”description”:”Exploit……………”,”published”:”2025-08-26T00:00:00″,”modified”:”2025-08-26T00:00:00″,”type”:”exploitdb”,”title”:”GeoVision ASManager Windows Application 6.1.2.0 – Credentials Disclosure”,”source”:””,”references”:””,”id”:”EDB-ID:52423″,”bulletinFamily”:”exploit”,”cwe”:null,”cvelist”:[“CVE-2025-26263″],”sourceData”:”# Exploit Title: GeoVision ASManager Windows Application 6.1.2.0 – Credentials Disclosure\\r\\n# Date: 19-MAR-2025\\r\\n# Exploit Author: Giorgi Dograshvili [DRAGOWN]\\r\\n#…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[6,8,109,12,40,21,13,7,11,5],"class_list":["post-14307","post","type-post","status-publish","format-standard","hentry","category-category_exploit","tag-cve","tag-cvss","tag-cvss-51","tag-exploit","tag-exploitdb","tag-medium","tag-news","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"\nGeoVision ASManager Windows Application 6.1.2.0 - Credentials Disclosure_EDB-ID:52423 - zero redgem<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/zero.redgem.net\/?p=14307\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"GeoVision ASManager Windows Application 6.1.2.0 - Credentials Disclosure_EDB-ID:52423 - zero redgem\" \/>\n<meta property=\"og:description\" content=\"{“lastseen”:”2025-08-26T06:08:56″,”description”:”Exploit……………”,”published”:”2025-08-26T00:00:00″,”modified”:”2025-08-26T00:00:00″,”type”:”exploitdb”,”title”:”GeoVision ASManager Windows Application 6.1.2.0 – Credentials Disclosure”,”source”:””,”references”:””,”id”:”EDB-ID:52423″,”bulletinFamily”:”exploit”,”cwe”:null,”cvelist”:[“CVE-2025-26263″],”sourceData”:”# Exploit Title: GeoVision ASManager Windows Application 6.1.2.0 – Credentials Disclosurern# Date: 19-MAR-2025rn# Exploit Author: Giorgi Dograshvili [DRAGOWN]rn#...\" \/>\n<meta property=\"og:url\" content=\"https:\/\/zero.redgem.net\/?p=14307\" \/>\n<meta property=\"og:site_name\" content=\"zero redgem\" \/>\n<meta property=\"article:published_time\" content=\"2025-08-26T01:50:45+00:00\" \/>\n<meta name=\"author\" content=\"invoker\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"invoker\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=14307#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=14307\"},\"author\":{\"name\":\"invoker\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/person\\\/fbfeae8dfad117ac08a7621bee1a1dca\"},\"headline\":\"GeoVision ASManager Windows Application 6.1.2.0 – Credentials Disclosure_EDB-ID:52423\",\"datePublished\":\"2025-08-26T01:50:45+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=14307\"},\"wordCount\":455,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\"},\"keywords\":[\"CVE\",\"CVSS\",\"CVSS-5.1\",\"exploit\",\"exploitdb\",\"MEDIUM\",\"news\",\"Security\",\"tapic\",\"Vulnerability\"],\"articleSection\":[\"category_exploit\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/zero.redgem.net\\\/?p=14307#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=14307\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/?p=14307\",\"name\":\"GeoVision ASManager Windows Application 6.1.2.0 - Credentials Disclosure_EDB-ID:52423 - zero redgem\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#website\"},\"datePublished\":\"2025-08-26T01:50:45+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=14307#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/zero.redgem.net\\\/?p=14307\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=14307#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/zero.redgem.net\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"GeoVision ASManager Windows Application 6.1.2.0 – Credentials Disclosure_EDB-ID:52423\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#website\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/\",\"name\":\"zero redgem\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/zero.redgem.net\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\",\"name\":\"zero redgem\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"\",\"contentUrl\":\"\",\"width\":191,\"height\":188,\"caption\":\"zero redgem\"},\"image\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/person\\\/fbfeae8dfad117ac08a7621bee1a1dca\",\"name\":\"invoker\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"caption\":\"invoker\"},\"sameAs\":[\"https:\\\/\\\/zero.redgem.net\"],\"url\":\"https:\\\/\\\/zero.redgem.net\\\/?author=1\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"GeoVision ASManager Windows Application 6.1.2.0 - Credentials Disclosure_EDB-ID:52423 - zero redgem","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/zero.redgem.net\/?p=14307","og_locale":"en_US","og_type":"article","og_title":"GeoVision ASManager Windows Application 6.1.2.0 - Credentials Disclosure_EDB-ID:52423 - zero redgem","og_description":"{“lastseen”:”2025-08-26T06:08:56″,”description”:”Exploit……………”,”published”:”2025-08-26T00:00:00″,”modified”:”2025-08-26T00:00:00″,”type”:”exploitdb”,”title”:”GeoVision ASManager Windows Application 6.1.2.0 – Credentials Disclosure”,”source”:””,”references”:””,”id”:”EDB-ID:52423″,”bulletinFamily”:”exploit”,”cwe”:null,”cvelist”:[“CVE-2025-26263″],”sourceData”:”# Exploit Title: GeoVision ASManager Windows Application 6.1.2.0 – Credentials Disclosurern# Date: 19-MAR-2025rn# Exploit Author: Giorgi Dograshvili [DRAGOWN]rn#...","og_url":"https:\/\/zero.redgem.net\/?p=14307","og_site_name":"zero redgem","article_published_time":"2025-08-26T01:50:45+00:00","author":"invoker","twitter_card":"summary_large_image","twitter_misc":{"Written by":"invoker","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/zero.redgem.net\/?p=14307#article","isPartOf":{"@id":"https:\/\/zero.redgem.net\/?p=14307"},"author":{"name":"invoker","@id":"https:\/\/zero.redgem.net\/#\/schema\/person\/fbfeae8dfad117ac08a7621bee1a1dca"},"headline":"GeoVision ASManager Windows Application 6.1.2.0 – Credentials Disclosure_EDB-ID:52423","datePublished":"2025-08-26T01:50:45+00:00","mainEntityOfPage":{"@id":"https:\/\/zero.redgem.net\/?p=14307"},"wordCount":455,"commentCount":0,"publisher":{"@id":"https:\/\/zero.redgem.net\/#organization"},"keywords":["CVE","CVSS","CVSS-5.1","exploit","exploitdb","MEDIUM","news","Security","tapic","Vulnerability"],"articleSection":["category_exploit"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/zero.redgem.net\/?p=14307#respond"]}]},{"@type":"WebPage","@id":"https:\/\/zero.redgem.net\/?p=14307","url":"https:\/\/zero.redgem.net\/?p=14307","name":"GeoVision ASManager Windows Application 6.1.2.0 - Credentials Disclosure_EDB-ID:52423 - zero redgem","isPartOf":{"@id":"https:\/\/zero.redgem.net\/#website"},"datePublished":"2025-08-26T01:50:45+00:00","breadcrumb":{"@id":"https:\/\/zero.redgem.net\/?p=14307#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/zero.redgem.net\/?p=14307"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/zero.redgem.net\/?p=14307#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/zero.redgem.net\/"},{"@type":"ListItem","position":2,"name":"GeoVision ASManager Windows Application 6.1.2.0 – Credentials Disclosure_EDB-ID:52423"}]},{"@type":"WebSite","@id":"https:\/\/zero.redgem.net\/#website","url":"https:\/\/zero.redgem.net\/","name":"zero redgem","description":"","publisher":{"@id":"https:\/\/zero.redgem.net\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/zero.redgem.net\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/zero.redgem.net\/#organization","name":"zero redgem","url":"https:\/\/zero.redgem.net\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/zero.redgem.net\/#\/schema\/logo\/image\/","url":"","contentUrl":"","width":191,"height":188,"caption":"zero redgem"},"image":{"@id":"https:\/\/zero.redgem.net\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/zero.redgem.net\/#\/schema\/person\/fbfeae8dfad117ac08a7621bee1a1dca","name":"invoker","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","caption":"invoker"},"sameAs":["https:\/\/zero.redgem.net"],"url":"https:\/\/zero.redgem.net\/?author=1"}]}},"_links":{"self":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts\/14307","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=14307"}],"version-history":[{"count":0,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts\/14307\/revisions"}],"wp:attachment":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=14307"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=14307"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=14307"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}