CVE-2026-7841— GV-ASWeb Remote Code Execution (RCE) vulnerability
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-7841
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
GV-ASWeb Remote Code Execution (RCE) vulnerability
Source: NVD (National Vulnerability Database)
Vulnerability Description
A remote code execution vulnerability exists in Notification Settings on GeoVision GV-ASWeb 6.2.0. An authenticated user with System Setting permissions can execute arbitrary commands on the server by sending a crafted HTTP POST request to the ASWebCommon.srf backend endpoint to bypass the frontend restrictions.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
对生成代码的控制不恰当(代码注入)
Source: NVD (National Vulnerability Database)
Vulnerability Title
Geovision GV-ASWeb 代码注入漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Geovision GV-ASWeb是中国奇偶(Geovision)公司的一个基于 Web 的软件,用于远程访问和配置 GV-ASManager 的数据库。 GeoVision GV-ASWeb 6.2.0版本存在代码注入漏洞,该漏洞源于通知设置中的远程代码执行问题,可能导致具有系统设置权限的经过身份验证的用户通过向ASWebCommon.srf后端端点发送特制HTTP POST请求绕过前端限制,在服务器上执行任意命令。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| GeoVision Inc. | ASManager | V6.2.0 | - |
II. Public POCs for CVE-2026-7841
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-7841
请登录查看更多情报信息。
IV. Related Vulnerabilities
Same vendor: GeoVision Inc.
- CVE-2026-42370
GeoVision GV-VMS V20 WebCam Server Login stack overflow vuln - CVE-2026-7372
GeoVision GV-VMS V20 WebCam Server Login stack overflow vuln - CVE-2026-42369
GeoVision GV-VMS V20 WebCam Server stack overflow vulnerabil - CVE-2026-42368
GeoVision LPC2011/LPC2211 Web Interface privilege escalation - CVE-2026-42367
GeoVision LPC2011/LPC2211 Web Interface / ssi.cgi privilege
Same weakness: CWE-94
- CVE-2021-47939
Evolution CMS 3.1.6 Authenticated Remote Code Execution via - CVE-2021-47938
ImpressCMS 1.4.2 Remote Code Execution via Autotasks - CVE-2021-47935
Sentry 8.2.0 Remote Code Execution via Pickle Deserializatio - CVE-2022-50944
Aero CMS 0.0.1 PHP Code Injection via posts.php - CVE-2026-8211
codelibs Fess JSP File AdminDesignAction.java update code in
V. Comments for CVE-2026-7841
No comments yet