A remote code execution vulnerability exists in the Notification Settings component of GeoVision GV-ASWeb. An authenticated attacker with System Setting permissions can send a crafted HTTP POST request to the backend ASWebCommon.srf endpoint. The request bypasses the existing frontend restrictions and allows arbitrary command execution on the target server.
Remediation
Apply the latest official security patch released by GeoVision for GV-ASWeb. Restrict network access to the GV-ASWeb backend endpoint to only trusted, authorized IP ranges. Revoke unnecessary System Setting permissions from non-admin users to reduce the attack surface.
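One way to check the network-restriction step above against existing web server logs, as an added example that is not GeoVision code: it flags POST requests to ASWebCommon.srf that come from addresses outside the trusted ranges. The W3C extended log format, the trusted ranges, the function name and the sample log lines are assumptions constructed for illustration.

```python
import ipaddress

# Assumptions: trusted management ranges and W3C extended log format.
TRUSTED_NETS = [ipaddress.ip_network(n) for n in ("10.20.0.0/24", "192.168.50.0/24")]
ENDPOINT = "aswebcommon.srf"  # backend endpoint named in the advisory

# Constructed sample log (not real traffic; paths and users are made up).
SAMPLE_LOG = """\
#Fields: date time c-ip cs-username cs-method cs-uri-stem sc-status
2025-01-10 08:01:12 10.20.0.15 admin POST /ASWebCommon.srf 200
2025-01-10 08:05:40 203.0.113.44 operator1 POST /ASWebCommon.srf 200
2025-01-10 08:05:41 203.0.113.44 - GET /ASWebCommon.srf 200
2025-01-10 09:17:03 198.51.100.7 operator2 POST /aswebcommon.SRF 500
2025-01-10 09:20:00 192.168.50.9 admin POST /other.srf 200
2025-01-10 09:21:00 truncated-line
"""


def find_untrusted_posts(log_text, trusted=TRUSTED_NETS):
    """Return log records for POSTs to the endpoint from untrusted sources."""
    fields, hits = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column names can change mid-file
            continue
        if not line.strip() or line.startswith("#") or not fields:
            continue
        parts = line.split()
        if len(parts) != len(fields):
            continue  # skip truncated or malformed lines
        rec = dict(zip(fields, parts))
        if rec.get("cs-method", "").upper() != "POST":
            continue
        if not rec.get("cs-uri-stem", "").lower().endswith(ENDPOINT):
            continue
        try:
            src = ipaddress.ip_address(rec.get("c-ip", ""))
        except ValueError:
            continue  # unparseable client address
        if not any(src in net for net in trusted):
            hits.append(rec)
    return hits


if __name__ == "__main__":
    for r in find_untrusted_posts(SAMPLE_LOG):
        print(r["date"], r["time"], r["c-ip"], r["cs-username"], r["sc-status"])
```

Each hit carries both the source address and the account name, which also helps when reviewing who still holds System Setting permissions.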