{"id":14394,"date":"2025-08-26T11:59:41","date_gmt":"2025-08-26T11:59:41","guid":{"rendered":"http:\/\/localhost\/?p=14394"},"modified":"2025-08-26T11:59:41","modified_gmt":"2025-08-26T11:59:41","slug":"geovision-asmanager-windows-application-6120-credential-disclosure","status":"publish","type":"post","link":"https:\/\/zero.redgem.net\/?p=14394","title":{"rendered":"\ud83d\udcc4 GeoVision ASManager Windows Application 6.1.2.0 Credential Disclosure_PACKETSTORM:208856"},"content":{"rendered":"

{“lastseen”:”2025-08-26T16:02:15″,”description”:”GeoVision…………………………………………”,”published”:”2025-08-26T00:00:00″,”modified”:”2025-08-26T00:00:00″,”type”:”packetstorm”,”title”:”\ud83d\udcc4 GeoVision ASManager Windows Application 6.1.2.0 Credential Disclosure”,”source”:””,”references”:””,”id”:”PACKETSTORM:208856″,”bulletinFamily”:”exploit”,”cwe”:null,”cvelist”:[“CVE-2025-26263″],”sourceData”:”# Exploit Title: GeoVision ASManager Windows Application 6.1.2.0 – Credentials Disclosure\\n # Date: 19-MAR-2025\\n # Exploit Author: Giorgi Dograshvili [DRAGOWN]\\n # Vendor Homepage: https:\/\/www.geovision.com.tw\/\\n # Software Link: https:\/\/www.geovision.com.tw\/download\/product\/\\n # Version: 6.1.2.0 or less\\n # Tested on: Windows 10 | Kali Linux\\n # CVE : CVE-2025-26263\\n # PoC: https:\/\/github.com\/DRAGOWN\/CVE-2025-26263\\n \\n GeoVision ASManager Windows desktop application with the version 6.1.2.0 or less, is vulnerable to credentials disclosure due to improper memory handling in the ASManagerService.exe process.\\n \\n Requirements\\n To perform successful attack an attacker requires:\\n – System level access to the GV-ASManager windows desktop application with the version 6.1.2.0 or less;\\n – A high privilege account to dump the memory.\\n \\n Impact\\n The vulnerability can be leveraged to perform the following unauthorized actions:\\n – An attacker with high privilege system user, who isn’t authorized to access GeoVision ASManager, is able to:\\n — Dump ASManager accounts credentials;\\n — Authenticate in ASManager.\\n – After the authenticating in ASManager, an attacker will be able to:\\n — Access the resources such as monitoring cameras, access cards, parking cars, employees and visitors, etc.\\n — Make changes in data and service network configurations such as employees, access card security information, IP addresses and configurations, etc.\\n — Disrupt and disconnect services such as monitoring cameras, access controls.\\n — Clone and duplicate access control data for further attack scenarios.\\n \\n PoC\\n The steps for a successful exploitation are described in the following GitHub article with screenshots:\\n – https:\/\/github.com\/DRAGOWN\/CVE-2025-26263\\n \\n After a successful attack, you will get administrative access to:\\n – ASManager – Access \\u0026 Security Management software in OS\\n – ASWeb – Access \\u0026 Security Management \\n – TAWeb – Time and Attendance Management \\n – VMWeb – Visitor Management”,”sourceHref”:”https:\/\/packetstorm.news\/download\/208856″,”cvss”:{“score”:5.1,”severity”:”MEDIUM”,”vector”:”CVSS:3.1\/AV:L\/AC:L\/PR:H\/UI:N\/S:U\/C:H\/I:L\/A:N”,”version”:”3.1″},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:”https:\/\/packetstorm.news\/files\/id\/208856\/”,”category_name”:”Exploit”,”post_link”:””,”product”:””,”version”:””,”vendor”:””,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"

{“lastseen”:”2025-08-26T16:02:15″,”description”:”GeoVision…………………………………………”,”published”:”2025-08-26T00:00:00″,”modified”:”2025-08-26T00:00:00″,”type”:”packetstorm”,”title”:”\ud83d\udcc4 GeoVision ASManager Windows Application 6.1.2.0 Credential Disclosure”,”source”:””,”references”:””,”id”:”PACKETSTORM:208856″,”bulletinFamily”:”exploit”,”cwe”:null,”cvelist”:[“CVE-2025-26263″],”sourceData”:”# Exploit Title: GeoVision ASManager Windows Application 6.1.2.0 – Credentials Disclosure\\n # Date: 19-MAR-2025\\n # Exploit Author: Giorgi…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[6,8,109,12,21,13,53,7,11,5],"class_list":["post-14394","post","type-post","status-publish","format-standard","hentry","category-category_exploit","tag-cve","tag-cvss","tag-cvss-51","tag-exploit","tag-medium","tag-news","tag-packetstorm","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"\n\ud83d\udcc4 GeoVision ASManager Windows Application 6.1.2.0 Credential Disclosure_PACKETSTORM:208856 - zero redgem<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/zero.redgem.net\/?p=14394\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"\ud83d\udcc4 GeoVision ASManager Windows Application 6.1.2.0 Credential Disclosure_PACKETSTORM:208856 - zero redgem\" \/>\n<meta property=\"og:description\" content=\"{“lastseen”:”2025-08-26T16:02:15″,”description”:”GeoVision…………………………………………”,”published”:”2025-08-26T00:00:00″,”modified”:”2025-08-26T00:00:00″,”type”:”packetstorm”,”title”:”\ud83d\udcc4 GeoVision ASManager Windows Application 6.1.2.0 Credential Disclosure”,”source”:””,”references”:””,”id”:”PACKETSTORM:208856″,”bulletinFamily”:”exploit”,”cwe”:null,”cvelist”:[“CVE-2025-26263″],”sourceData”:”# Exploit Title: GeoVision ASManager Windows Application 6.1.2.0 – Credentials Disclosuren # Date: 19-MAR-2025n # Exploit Author: Giorgi...\" \/>\n<meta property=\"og:url\" content=\"https:\/\/zero.redgem.net\/?p=14394\" \/>\n<meta property=\"og:site_name\" content=\"zero redgem\" \/>\n<meta property=\"article:published_time\" content=\"2025-08-26T11:59:41+00:00\" \/>\n<meta name=\"author\" content=\"invoker\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"invoker\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=14394#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=14394\"},\"author\":{\"name\":\"invoker\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/person\\\/fbfeae8dfad117ac08a7621bee1a1dca\"},\"headline\":\"\ud83d\udcc4 GeoVision ASManager Windows Application 6.1.2.0 Credential Disclosure_PACKETSTORM:208856\",\"datePublished\":\"2025-08-26T11:59:41+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=14394\"},\"wordCount\":439,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\"},\"keywords\":[\"CVE\",\"CVSS\",\"CVSS-5.1\",\"exploit\",\"MEDIUM\",\"news\",\"packetstorm\",\"Security\",\"tapic\",\"Vulnerability\"],\"articleSection\":[\"category_exploit\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/zero.redgem.net\\\/?p=14394#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=14394\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/?p=14394\",\"name\":\"\ud83d\udcc4 GeoVision ASManager Windows Application 6.1.2.0 Credential Disclosure_PACKETSTORM:208856 - zero redgem\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#website\"},\"datePublished\":\"2025-08-26T11:59:41+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=14394#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/zero.redgem.net\\\/?p=14394\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=14394#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/zero.redgem.net\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"\ud83d\udcc4 GeoVision ASManager Windows Application 6.1.2.0 Credential Disclosure_PACKETSTORM:208856\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#website\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/\",\"name\":\"zero redgem\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/zero.redgem.net\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\",\"name\":\"zero redgem\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"\",\"contentUrl\":\"\",\"width\":191,\"height\":188,\"caption\":\"zero redgem\"},\"image\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/person\\\/fbfeae8dfad117ac08a7621bee1a1dca\",\"name\":\"invoker\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"caption\":\"invoker\"},\"sameAs\":[\"https:\\\/\\\/zero.redgem.net\"],\"url\":\"https:\\\/\\\/zero.redgem.net\\\/?author=1\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"\ud83d\udcc4 GeoVision ASManager Windows Application 6.1.2.0 Credential Disclosure_PACKETSTORM:208856 - zero redgem","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/zero.redgem.net\/?p=14394","og_locale":"en_US","og_type":"article","og_title":"\ud83d\udcc4 GeoVision ASManager Windows Application 6.1.2.0 Credential Disclosure_PACKETSTORM:208856 - zero redgem","og_description":"{“lastseen”:”2025-08-26T16:02:15″,”description”:”GeoVision…………………………………………”,”published”:”2025-08-26T00:00:00″,”modified”:”2025-08-26T00:00:00″,”type”:”packetstorm”,”title”:”\ud83d\udcc4 GeoVision ASManager Windows Application 6.1.2.0 Credential Disclosure”,”source”:””,”references”:””,”id”:”PACKETSTORM:208856″,”bulletinFamily”:”exploit”,”cwe”:null,”cvelist”:[“CVE-2025-26263″],”sourceData”:”# Exploit Title: GeoVision ASManager Windows Application 6.1.2.0 – Credentials Disclosuren # Date: 19-MAR-2025n # Exploit Author: Giorgi...","og_url":"https:\/\/zero.redgem.net\/?p=14394","og_site_name":"zero redgem","article_published_time":"2025-08-26T11:59:41+00:00","author":"invoker","twitter_card":"summary_large_image","twitter_misc":{"Written by":"invoker","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/zero.redgem.net\/?p=14394#article","isPartOf":{"@id":"https:\/\/zero.redgem.net\/?p=14394"},"author":{"name":"invoker","@id":"https:\/\/zero.redgem.net\/#\/schema\/person\/fbfeae8dfad117ac08a7621bee1a1dca"},"headline":"\ud83d\udcc4 GeoVision ASManager Windows Application 6.1.2.0 Credential Disclosure_PACKETSTORM:208856","datePublished":"2025-08-26T11:59:41+00:00","mainEntityOfPage":{"@id":"https:\/\/zero.redgem.net\/?p=14394"},"wordCount":439,"commentCount":0,"publisher":{"@id":"https:\/\/zero.redgem.net\/#organization"},"keywords":["CVE","CVSS","CVSS-5.1","exploit","MEDIUM","news","packetstorm","Security","tapic","Vulnerability"],"articleSection":["category_exploit"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/zero.redgem.net\/?p=14394#respond"]}]},{"@type":"WebPage","@id":"https:\/\/zero.redgem.net\/?p=14394","url":"https:\/\/zero.redgem.net\/?p=14394","name":"\ud83d\udcc4 GeoVision ASManager Windows Application 6.1.2.0 Credential Disclosure_PACKETSTORM:208856 - zero redgem","isPartOf":{"@id":"https:\/\/zero.redgem.net\/#website"},"datePublished":"2025-08-26T11:59:41+00:00","breadcrumb":{"@id":"https:\/\/zero.redgem.net\/?p=14394#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/zero.redgem.net\/?p=14394"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/zero.redgem.net\/?p=14394#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/zero.redgem.net\/"},{"@type":"ListItem","position":2,"name":"\ud83d\udcc4 GeoVision ASManager Windows Application 6.1.2.0 Credential Disclosure_PACKETSTORM:208856"}]},{"@type":"WebSite","@id":"https:\/\/zero.redgem.net\/#website","url":"https:\/\/zero.redgem.net\/","name":"zero redgem","description":"","publisher":{"@id":"https:\/\/zero.redgem.net\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/zero.redgem.net\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/zero.redgem.net\/#organization","name":"zero redgem","url":"https:\/\/zero.redgem.net\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/zero.redgem.net\/#\/schema\/logo\/image\/","url":"","contentUrl":"","width":191,"height":188,"caption":"zero redgem"},"image":{"@id":"https:\/\/zero.redgem.net\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/zero.redgem.net\/#\/schema\/person\/fbfeae8dfad117ac08a7621bee1a1dca","name":"invoker","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","caption":"invoker"},"sameAs":["https:\/\/zero.redgem.net"],"url":"https:\/\/zero.redgem.net\/?author=1"}]}},"_links":{"self":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts\/14394","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=14394"}],"version-history":[{"count":0,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts\/14394\/revisions"}],"wp:attachment":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=14394"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=14394"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=14394"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}