Search criteria
15 vulnerabilities by AVTECH
CVE-2025-50944 (GCVE-0-2025-50944)
Vulnerability from cvelistv5 – Published: 2025-09-15 00:00 – Updated: 2025-09-15 14:26
VLAI?
Summary
An issue was discovered in the method push.lite.avtech.com.MySSLSocketFactoryNew.checkServerTrusted in AVTECH EagleEyes 2.0.0. The custom X509TrustManager used in checkServerTrusted only checks the certificate's expiration date, skipping proper TLS chain validation.
Severity ?
8.8 (High)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-50944",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-15T14:23:22.625287Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "CWE-295 Improper Certificate Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-15T14:26:24.185Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in the method push.lite.avtech.com.MySSLSocketFactoryNew.checkServerTrusted in AVTECH EagleEyes 2.0.0. The custom X509TrustManager used in checkServerTrusted only checks the certificate\u0027s expiration date, skipping proper TLS chain validation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-15T13:57:13.448Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://shinycolumn.notion.site/eagleeyes-lite"
},
{
"url": "https://github.com/shinyColumn/CVE-2025-50944"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-50944",
"datePublished": "2025-09-15T00:00:00.000Z",
"dateReserved": "2025-06-16T00:00:00.000Z",
"dateUpdated": "2025-09-15T14:26:24.185Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-46408 (GCVE-0-2025-46408)
Vulnerability from cvelistv5 – Published: 2025-09-15 00:00 – Updated: 2025-09-17 13:40
VLAI?
Summary
An issue was discovered in the methods push.lite.avtech.com.AvtechLib.GetHttpsResponse and push.lite.avtech.com.Push_HttpService.getNewHttpClient in AVTECH EagleEyes 2.0.0. The methods set ALLOW_ALL_HOSTNAME_VERIFIER, bypassing domain validation.
Severity ?
9.8 (Critical)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-46408",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-17T13:40:02.640558Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-297",
"description": "CWE-297 Improper Validation of Certificate with Host Mismatch",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-17T13:40:32.675Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/shinyColumn/CVE-2025-46408"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in the methods push.lite.avtech.com.AvtechLib.GetHttpsResponse and push.lite.avtech.com.Push_HttpService.getNewHttpClient in AVTECH EagleEyes 2.0.0. The methods set ALLOW_ALL_HOSTNAME_VERIFIER, bypassing domain validation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-15T14:09:17.865Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/shinyColumn/CVE-2025-46408"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-46408",
"datePublished": "2025-09-15T00:00:00.000Z",
"dateReserved": "2025-07-11T00:00:00.000Z",
"dateUpdated": "2025-09-17T13:40:32.675Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-34066 (GCVE-0-2025-34066)
Vulnerability from cvelistv5 – Published: 2025-07-01 14:47 – Updated: 2025-07-01 18:37
VLAI?
Title
AVTECH IP camera, DVR, and NVR Devices Unauthenticated Information Disclosure
Summary
An improper certificate validation vulnerability exists in AVTECH IP cameras, DVRs, and NVRs due to the use of wget with --no-check-certificate in scripts like SyncCloudAccount.sh and SyncPermit.sh. This exposes HTTPS communications to man-in-the-middle (MITM) attacks.
Severity ?
CWE
- CWE-295 - Improper Certificate Validation
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| AVTECH | IP cameras |
Affected:
0
|
||||||||||||
|
||||||||||||||
Credits
Gergely Eberhardt (SEARCH-LAB.hu)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-34066",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-01T18:37:09.538771Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-01T18:37:36.761Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"Cloud sync shell scripts",
"--no-check-certificate (hardcoded)"
],
"product": "IP cameras",
"vendor": "AVTECH",
"versions": [
{
"status": "affected",
"version": "0"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Cloud sync shell scripts",
"--no-check-certificate (hardcoded)"
],
"product": "DVR devices",
"vendor": "AVTECH",
"versions": [
{
"status": "affected",
"version": "0"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Cloud sync shell scripts",
"--no-check-certificate (hardcoded)"
],
"product": "NVR devices",
"vendor": "AVTECH",
"versions": [
{
"status": "affected",
"version": "0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Gergely Eberhardt (SEARCH-LAB.hu)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An improper certificate validation vulnerability exists in AVTECH IP cameras, DVRs, and NVRs due to the use of wget with --no-check-certificate in scripts like SyncCloudAccount.sh and SyncPermit.sh. This exposes HTTPS communications to man-in-the-middle (MITM) attacks."
}
],
"value": "An improper certificate validation vulnerability exists in AVTECH IP cameras, DVRs, and NVRs due to the use of wget with --no-check-certificate in scripts like SyncCloudAccount.sh and SyncPermit.sh. This exposes HTTPS communications to man-in-the-middle (MITM) attacks."
}
],
"impacts": [
{
"capecId": "CAPEC-94",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-94 Adversary in the Middle (AiTM)"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "CWE-295 Improper Certificate Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-01T14:47:44.573Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/40500"
},
{
"tags": [
"product"
],
"url": "https://avtech.com/"
},
{
"tags": [
"third-party-advisory",
"technical-description"
],
"url": "https://web.archive.org/web/20240810225729/https://www.search-lab.hu/advisories/126-AVTech-devices-multiple-vulnerabilities"
},
{
"tags": [
"exploit"
],
"url": "https://web.archive.org/web/20161029201749/https://github.com/ebux/AVTECH"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://vulncheck.com/advisories/avtech-ipcamera-nvr-dvr-mulitple-vulns"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "AVTECH IP camera, DVR, and NVR Devices Unauthenticated Information Disclosure",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2025-34066",
"datePublished": "2025-07-01T14:47:44.573Z",
"dateReserved": "2025-04-15T19:15:22.549Z",
"dateUpdated": "2025-07-01T18:37:36.761Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-34065 (GCVE-0-2025-34065)
Vulnerability from cvelistv5 – Published: 2025-07-01 14:47 – Updated: 2025-07-01 18:36
VLAI?
Title
AVTECH IP camera, DVR, and NVR Devices Authentication Bypass via /nobody URL Path
Summary
An authentication bypass vulnerability exists in AVTECH IP camera, DVR, and NVR devices’ streamd web server. The strstr() function allows unauthenticated access to any request containing "/nobody" in the URL, bypassing login controls.
Severity ?
CWE
- CWE-290 - Authentication Bypass by Spoofing
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| AVTECH | IP camera, DVR, and NVR Devices |
Affected:
1000-1000-1000-1000
Affected: 1000C-1000C-1000C-1000C Affected: 1001-1000-1000-1000 Affected: 1001-1001-1000-1000 Affected: 1002-1000-1000-1000 Affected: 1002-1002-1000-1002 Affected: 1002D-1000D-1000D-1000D Affected: 1003-1000-1000-1001 Affected: 1003-1001-1001-1000 Affected: 1003-1002-1001-1000 Affected: 1004-1000-1000-1000 Affected: 1004-1001-1001-1001 Affected: 1004-1002-1000-1001 Affected: 1004-1003-1001-1002 Affected: 1004-1003-1002-1001 Affected: 1004A-1001A-1002A-1000A Affected: 1005-1002-1001-1002 Affected: 1005-1003-1001-1002 Affected: 1005-1004-1002-1001 Affected: 1005A-1001A-1002A-1001A Affected: 1005D-1001D-1002D-1001D Affected: 1006-1002-1001-1002 Affected: 1006-1003-1001-1001 Affected: 1006-1004-1003-1001 Affected: 1007-1001-1003-1001 Affected: 1007-1001-1004-1003 Affected: 1007-1002-1001-1000 Affected: 1007-1002-1001-1003 Affected: 1007-1002-1003-1002 Affected: 1007-1004-1003-1001 Affected: 1008-1001-1003-1002 Affected: 1008-1004-1004-1001 Affected: 1008D-1003D-1004D-1002D Affected: 1008J-1004J-1004J-1001J Affected: 1009-1001-1004-1001 Affected: 1009-1002-1005-1003 Affected: 1009-1003-1001-1003 Affected: 1009-1003-1005-1002 Affected: 1010-1001-1004-1001 Affected: 1010-1001-1004-1002 Affected: 1010-1003-1005-1002 Affected: 1010-1003-1006-1003 Affected: 1010-1003-1006-1004 Affected: 1010-1004-1007-1001 Affected: 1010J-1001J-1004J-1001J Affected: 1010N-1003N-1005N-1002N Affected: 1011-1001-1002A-1002 Affected: 1011-1001-1002D-1002 Affected: 1011-1001-1003-1002 Affected: 1011-1001-1004-1002 Affected: 1011-1001-1005-1002 Affected: 1011-1004-1005-1002 |
Credits
Gergely Eberhardt (SEARCH-LAB.hu)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-34065",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-01T18:35:32.244766Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-01T18:36:04.496Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"Search.cgi",
"username parameter",
"queryb64str"
],
"product": "IP camera, DVR, and NVR Devices",
"vendor": "AVTECH",
"versions": [
{
"status": "affected",
"version": "1000-1000-1000-1000"
},
{
"status": "affected",
"version": "1000C-1000C-1000C-1000C"
},
{
"status": "affected",
"version": "1001-1000-1000-1000"
},
{
"status": "affected",
"version": "1001-1001-1000-1000"
},
{
"status": "affected",
"version": "1002-1000-1000-1000"
},
{
"status": "affected",
"version": "1002-1002-1000-1002"
},
{
"status": "affected",
"version": "1002D-1000D-1000D-1000D"
},
{
"status": "affected",
"version": "1003-1000-1000-1001"
},
{
"status": "affected",
"version": "1003-1001-1001-1000"
},
{
"status": "affected",
"version": "1003-1002-1001-1000"
},
{
"status": "affected",
"version": "1004-1000-1000-1000"
},
{
"status": "affected",
"version": "1004-1001-1001-1001"
},
{
"status": "affected",
"version": "1004-1002-1000-1001"
},
{
"status": "affected",
"version": "1004-1003-1001-1002"
},
{
"status": "affected",
"version": "1004-1003-1002-1001"
},
{
"status": "affected",
"version": "1004A-1001A-1002A-1000A"
},
{
"status": "affected",
"version": "1005-1002-1001-1002"
},
{
"status": "affected",
"version": "1005-1003-1001-1002"
},
{
"status": "affected",
"version": "1005-1004-1002-1001"
},
{
"status": "affected",
"version": "1005A-1001A-1002A-1001A"
},
{
"status": "affected",
"version": "1005D-1001D-1002D-1001D"
},
{
"status": "affected",
"version": "1006-1002-1001-1002"
},
{
"status": "affected",
"version": "1006-1003-1001-1001"
},
{
"status": "affected",
"version": "1006-1004-1003-1001"
},
{
"status": "affected",
"version": "1007-1001-1003-1001"
},
{
"status": "affected",
"version": "1007-1001-1004-1003"
},
{
"status": "affected",
"version": "1007-1002-1001-1000"
},
{
"status": "affected",
"version": "1007-1002-1001-1003"
},
{
"status": "affected",
"version": "1007-1002-1003-1002"
},
{
"status": "affected",
"version": "1007-1004-1003-1001"
},
{
"status": "affected",
"version": "1008-1001-1003-1002"
},
{
"status": "affected",
"version": "1008-1004-1004-1001"
},
{
"status": "affected",
"version": "1008D-1003D-1004D-1002D"
},
{
"status": "affected",
"version": "1008J-1004J-1004J-1001J"
},
{
"status": "affected",
"version": "1009-1001-1004-1001"
},
{
"status": "affected",
"version": "1009-1002-1005-1003"
},
{
"status": "affected",
"version": "1009-1003-1001-1003"
},
{
"status": "affected",
"version": "1009-1003-1005-1002"
},
{
"status": "affected",
"version": "1010-1001-1004-1001"
},
{
"status": "affected",
"version": "1010-1001-1004-1002"
},
{
"status": "affected",
"version": "1010-1003-1005-1002"
},
{
"status": "affected",
"version": "1010-1003-1006-1003"
},
{
"status": "affected",
"version": "1010-1003-1006-1004"
},
{
"status": "affected",
"version": "1010-1004-1007-1001"
},
{
"status": "affected",
"version": "1010J-1001J-1004J-1001J"
},
{
"status": "affected",
"version": "1010N-1003N-1005N-1002N"
},
{
"status": "affected",
"version": "1011-1001-1002A-1002"
},
{
"status": "affected",
"version": "1011-1001-1002D-1002"
},
{
"status": "affected",
"version": "1011-1001-1003-1002"
},
{
"status": "affected",
"version": "1011-1001-1004-1002"
},
{
"status": "affected",
"version": "1011-1001-1005-1002"
},
{
"status": "affected",
"version": "1011-1004-1005-1002"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Gergely Eberhardt (SEARCH-LAB.hu)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An authentication bypass vulnerability exists in AVTECH IP camera, DVR, and NVR devices\u2019 streamd web server. The strstr() function allows unauthenticated access to any request containing \"/nobody\" in the URL, bypassing login controls."
}
],
"value": "An authentication bypass vulnerability exists in AVTECH IP camera, DVR, and NVR devices\u2019 streamd web server. The strstr() function allows unauthenticated access to any request containing \"/nobody\" in the URL, bypassing login controls."
}
],
"impacts": [
{
"capecId": "CAPEC-115",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-115 Authentication Bypass"
}
]
},
{
"capecId": "CAPEC-137",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-137 Parameter Injection"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-290",
"description": "CWE-290 Authentication Bypass by Spoofing",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-01T14:47:23.621Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/40500"
},
{
"tags": [
"product"
],
"url": "https://avtech.com/"
},
{
"tags": [
"third-party-advisory",
"technical-description"
],
"url": "https://web.archive.org/web/20240810225729/https://www.search-lab.hu/advisories/126-AVTech-devices-multiple-vulnerabilities"
},
{
"tags": [
"exploit"
],
"url": "https://web.archive.org/web/20161029201749/https://github.com/ebux/AVTECH"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://vulncheck.com/advisories/avtech-ipcamera-nvr-dvr-mulitple-vulns"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "AVTECH IP camera, DVR, and NVR Devices Authentication Bypass via /nobody URL Path",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2025-34065",
"datePublished": "2025-07-01T14:47:23.621Z",
"dateReserved": "2025-04-15T19:15:22.549Z",
"dateUpdated": "2025-07-01T18:36:04.496Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-34056 (GCVE-0-2025-34056)
Vulnerability from cvelistv5 – Published: 2025-07-01 14:46 – Updated: 2025-07-01 18:34
VLAI?
Title
AVTECH IP camera, DVR, and NVR Devices Authenticated Root Command Execution
Summary
An OS command injection vulnerability exists in AVTECH IP camera, DVR, and NVR devices via the PwdGrp.cgi endpoint, which handles user and group management operations. Authenticated users can supply input through the pwd or grp parameters, which are directly embedded into system commands without proper sanitation. This allows for the execution of arbitrary shell commands with root privileges.
Severity ?
CWE
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| AVTECH | IP camera, DVR, and NVR Devices |
Affected:
0
|
Credits
Gergely Eberhardt (SEARCH-LAB.hu)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-34056",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-01T18:34:24.733333Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-01T18:34:41.482Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"PwdGrp.cgi user/group configuration handler",
"pwd parameter",
"grp parameter"
],
"product": "IP camera, DVR, and NVR Devices",
"vendor": "AVTECH",
"versions": [
{
"status": "affected",
"version": "0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Gergely Eberhardt (SEARCH-LAB.hu)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An OS command injection vulnerability exists in AVTECH IP camera, DVR, and NVR devices via the \u003ccode\u003ePwdGrp.cgi\u003c/code\u003e endpoint, which handles user and group management operations. Authenticated users can supply input through the \u003ccode\u003epwd\u003c/code\u003e or \u003ccode\u003egrp\u003c/code\u003e parameters, which are directly embedded into system commands without proper sanitation. This allows for the execution of arbitrary shell commands with root privileges."
}
],
"value": "An OS command injection vulnerability exists in AVTECH IP camera, DVR, and NVR devices via the PwdGrp.cgi endpoint, which handles user and group management operations. Authenticated users can supply input through the pwd or grp parameters, which are directly embedded into system commands without proper sanitation. This allows for the execution of arbitrary shell commands with root privileges."
}
],
"impacts": [
{
"capecId": "CAPEC-88",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-88 OS Command Injection"
}
]
},
{
"capecId": "CAPEC-137",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-137 Parameter Injection"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.4,
"baseSeverity": "CRITICAL",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-01T14:46:52.800Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/40500"
},
{
"tags": [
"product"
],
"url": "https://avtech.com/"
},
{
"tags": [
"third-party-advisory",
"technical-description"
],
"url": "https://web.archive.org/web/20240810225729/https://www.search-lab.hu/advisories/126-AVTech-devices-multiple-vulnerabilities"
},
{
"tags": [
"exploit"
],
"url": "https://web.archive.org/web/20161029201749/https://github.com/ebux/AVTECH"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://vulncheck.com/advisories/avtech-ipcamera-nvr-dvr-mulitple-vulns"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "AVTECH IP camera, DVR, and NVR Devices Authenticated Root Command Execution",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2025-34056",
"datePublished": "2025-07-01T14:46:52.800Z",
"dateReserved": "2025-04-15T19:15:22.549Z",
"dateUpdated": "2025-07-01T18:34:41.482Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-34055 (GCVE-0-2025-34055)
Vulnerability from cvelistv5 – Published: 2025-07-01 14:46 – Updated: 2025-07-01 18:33
VLAI?
Title
AVTECH IP camera, DVR, and NVR Devices Authenticated Root Command Execution
Summary
An OS command injection vulnerability exists in AVTECH DVR, NVR, and IP camera devices within the adcommand.cgi endpoint, which interfaces with the ActionD daemon. Authenticated users can invoke the DoShellCmd operation, passing arbitrary input via the strCmd parameter. This input is executed directly by the system shell without sanitation allowing attackers to execute commands as the root user.
Severity ?
CWE
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| AVTECH | IP camera, DVR, and NVR Devices |
Affected:
1001-1000-1000-1000
Affected: 1002-1000-1000-1000 Affected: 1002-1001-1001-1001 Affected: 1003-1000-1001-1000 Affected: 1003-1001-1001-1000 Affected: 1003-1001-1001-1001 Affected: 1004-1000-1000-1000 Affected: 1004-1001-1001-1001 Affected: 1004-1001-1002-1000 Affected: 1004-1002-1001-1000 Affected: 1004V-1002V-1003V-1001V Affected: 1004Y-1002Y-1001EJ-1000Y Affected: 1005-1001-1002-1000 Affected: 1005-1002-1001-1002 Affected: 1005-1002-1002-1000 Affected: 1005-1002-1004-1001 Affected: 1006-1001-1003-1000 Affected: 1006-1001-1003-1003 Affected: 1006-1002-1001-1002 Affected: 1006-1002-1003-1000 Affected: 1006R-1002R-1001R-1002R Affected: 1007-1001-1003-1000 Affected: 1007-1001-1003-1003 Affected: 1007-1002-1004-1000 Affected: 1007-1003-1005-1001 Affected: 1007E-1003E-1005EJ-1001E Affected: 1007V-1003V-1005V-1001V Affected: 1008-1001-1001-1001 Affected: 1008-1002-1002-1003 Affected: 1008-1002-1005-1000 Affected: 1008-1003-1005-1003 Affected: 1008-1004-1003-1002 Affected: 1009-1001-1002-1001 Affected: 1009-1001-1004-1000 Affected: 1009-1003-1006-1001 Affected: 1009-1004-1005-1006 Affected: 1009-1004-1006-1003 Affected: 1009Y-1003Y-1006Y-1001Y Affected: 1010-1001-1003-1001 Affected: 1010-1001-1004-1005 Affected: 1010-1002-1005-1000 Affected: 1010-1004-1007-1001 Affected: 1010-1005-1005-1002 Affected: 1011-1002-1004-1001 Affected: 1011-1002-1006-1000 Affected: 1011-1005-1007EJ-1001 Affected: 1011-1005-1008-1002 Affected: 1012-1002-1004-1001 Affected: 1012-1002-1006-1005 Affected: 1012-1002-1007-1004 Affected: 1012-1003-1001-1005 Affected: 1012-1003-1005-1005 Affected: 1012-1004-1008-1008 Affected: 1012-1008-1009-1000-FFFF Affected: 1013-1002-1006-1005 Affected: 1013-1003-1005-1001 Affected: 1013-1004-1008-1003 Affected: 1013-1004-1008-1008 Affected: 1014-1002-1007-1004 Affected: 1014-1003-1006-1001 Affected: 1014-1003-1006PL-1001 Affected: 1014-1003-1007-1001 Affected: 1014-1004-1008-1008 Affected: 1014-1005-1009-1002 Affected: 1014-1007-1009-1001 Affected: 1014L-1002L-1006L-1005L Affected: 1015-1006-1004-1002 Affected: 1015-1006-1005-1002 Affected: 1015-1006-1008-1002 Affected: 1015-1006-1008-1007 Affected: 1015-1006-1010-1003 Affected: 1015-1007-1007-1007 Affected: 1015K-1006K-1008PO-1002K Affected: 1015Y-1007Y-1010Y-1001Y Affected: 1016-1003-1007-1001 Affected: 1016-1004-1009-1009 Affected: 1016-1006-1008-1007 Affected: 1016-1007-1005-1001 Affected: 1016-1007-1009-1003 Affected: 1016-1007-1011-1001 Affected: 1016-1007-1011-1003 Affected: 1016-1008-1007-1007 Affected: 1016Y-1007Y-1011Y-1001Y Affected: 1017-1002-1008-1005 Affected: 1017-1003-1007-1002 Affected: 1017-1003-1008-1006 Affected: 1017-1008-1012-1002 Affected: 1017-1011-1013-1001-FFFF Affected: 1017k-1003k-1008k-1006k Affected: 1017Y-1008Y-1012Y-1002Y Affected: 1018-1003-1005-1004 Affected: 1018-1003-1007-1002 Affected: 1018-1003-1008-1003 Affected: 1018-1003-1008-1004 Affected: 1018-1003-1008PO-1003 Affected: 1018-1006-1009-1007 Affected: 1018-1007-1009-1003 Affected: 1018-1008-1012-1004 Affected: 1019-1003-1007-1002 Affected: 1019-1003-1008-1001 Affected: 1019-1004-1009-1007 Affected: 1019-1007-1009-1003 Affected: 1019-1009-1013-1003 Affected: 1019-1010-1009-1009 Affected: 1019c-1012c-1014c-1001c-FFFF Affected: 1020-1003-1008-1003 Affected: 1020-1003-1008-1004 Affected: 1020-1003-1010-1006 Affected: 1020-1004-1009-1007 Affected: 1020-1005-1011-1010 Affected: 1020-1005-1012-1007 Affected: 1020-1007-1008-1003 Affected: 1020-1007-1009-1003 Affected: 1021-1003-1008-1003 Affected: 1021-1003-1008-1004 Affected: 1021-1005-1011-1010 Affected: 1021-1007-1010-1003 Affected: 1021L-1003L-1010L-1006L Affected: 1021r-1004r-1009r-1007r Affected: 1022-1003-1008-1002 Affected: 1022-1004-1009-1007 Affected: 1022-1007-1012-1007 Affected: 1022-1012-1011-1009 Affected: 1022-1014-1016-1002-FFFF Affected: 1022L-1004L-1011L-1006L Affected: 1022L-1005L-1011L-1010L Affected: 1022Y-1014Y-1016Y-1002Y-FFFF Affected: 1023-1004-1010-1007 Affected: 1023-1014-1017-1002-FFFF Affected: 1025-1006-1013-1011 Affected: 1025-1008-1013-1008 Affected: 1025-1014-1013-1009 Affected: 1027-1008-1012-1008 Affected: 1027-1008-1013-1008 Affected: 1027-1014-1015-1009 Affected: 1027L-1006L-1015L-1009L Affected: 1028-1007-1014-1012 Affected: 1029-1007-1014-1008 Affected: 1030-1007-1014-1012 Affected: 1030-1008-1014-1008 Affected: 1031-1007-1015-1012 Affected: 1032-1007-1015-1008 Affected: 1032k-1007k-1015k-1008k Affected: 1036r-1008r-1016r-1009r Affected: 1037-1008-1017-1009 Affected: S749-S749-S749-S749 Affected: S820-S820-S820-S820 Affected: S823-S823-S823-S823 Affected: S855-S855-S855-S855 Affected: S914V-S914V-S914V-S914V Affected: S968-S968-S968-S968 Affected: S984-S984-S984-S984 Affected: T717-T717-T717-T717 |
Credits
Gergely Eberhardt (SEARCH-LAB.hu)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-34055",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-01T18:33:10.541355Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-01T18:33:20.804Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"cgi-bin/supervisor/adcommand.cgi",
"strCmd within DoShellCmd"
],
"product": "IP camera, DVR, and NVR Devices",
"vendor": "AVTECH",
"versions": [
{
"status": "affected",
"version": "1001-1000-1000-1000"
},
{
"status": "affected",
"version": "1002-1000-1000-1000"
},
{
"status": "affected",
"version": "1002-1001-1001-1001"
},
{
"status": "affected",
"version": "1003-1000-1001-1000"
},
{
"status": "affected",
"version": "1003-1001-1001-1000"
},
{
"status": "affected",
"version": "1003-1001-1001-1001"
},
{
"status": "affected",
"version": "1004-1000-1000-1000"
},
{
"status": "affected",
"version": "1004-1001-1001-1001"
},
{
"status": "affected",
"version": "1004-1001-1002-1000"
},
{
"status": "affected",
"version": "1004-1002-1001-1000"
},
{
"status": "affected",
"version": "1004V-1002V-1003V-1001V"
},
{
"status": "affected",
"version": "1004Y-1002Y-1001EJ-1000Y"
},
{
"status": "affected",
"version": "1005-1001-1002-1000"
},
{
"status": "affected",
"version": "1005-1002-1001-1002"
},
{
"status": "affected",
"version": "1005-1002-1002-1000"
},
{
"status": "affected",
"version": "1005-1002-1004-1001"
},
{
"status": "affected",
"version": "1006-1001-1003-1000"
},
{
"status": "affected",
"version": "1006-1001-1003-1003"
},
{
"status": "affected",
"version": "1006-1002-1001-1002"
},
{
"status": "affected",
"version": "1006-1002-1003-1000"
},
{
"status": "affected",
"version": "1006R-1002R-1001R-1002R"
},
{
"status": "affected",
"version": "1007-1001-1003-1000"
},
{
"status": "affected",
"version": "1007-1001-1003-1003"
},
{
"status": "affected",
"version": "1007-1002-1004-1000"
},
{
"status": "affected",
"version": "1007-1003-1005-1001"
},
{
"status": "affected",
"version": "1007E-1003E-1005EJ-1001E"
},
{
"status": "affected",
"version": "1007V-1003V-1005V-1001V"
},
{
"status": "affected",
"version": "1008-1001-1001-1001"
},
{
"status": "affected",
"version": "1008-1002-1002-1003"
},
{
"status": "affected",
"version": "1008-1002-1005-1000"
},
{
"status": "affected",
"version": "1008-1003-1005-1003"
},
{
"status": "affected",
"version": "1008-1004-1003-1002"
},
{
"status": "affected",
"version": "1009-1001-1002-1001"
},
{
"status": "affected",
"version": "1009-1001-1004-1000"
},
{
"status": "affected",
"version": "1009-1003-1006-1001"
},
{
"status": "affected",
"version": "1009-1004-1005-1006"
},
{
"status": "affected",
"version": "1009-1004-1006-1003"
},
{
"status": "affected",
"version": "1009Y-1003Y-1006Y-1001Y"
},
{
"status": "affected",
"version": "1010-1001-1003-1001"
},
{
"status": "affected",
"version": "1010-1001-1004-1005"
},
{
"status": "affected",
"version": "1010-1002-1005-1000"
},
{
"status": "affected",
"version": "1010-1004-1007-1001"
},
{
"status": "affected",
"version": "1010-1005-1005-1002"
},
{
"status": "affected",
"version": "1011-1002-1004-1001"
},
{
"status": "affected",
"version": "1011-1002-1006-1000"
},
{
"status": "affected",
"version": "1011-1005-1007EJ-1001"
},
{
"status": "affected",
"version": "1011-1005-1008-1002"
},
{
"status": "affected",
"version": "1012-1002-1004-1001"
},
{
"status": "affected",
"version": "1012-1002-1006-1005"
},
{
"status": "affected",
"version": "1012-1002-1007-1004"
},
{
"status": "affected",
"version": "1012-1003-1001-1005"
},
{
"status": "affected",
"version": "1012-1003-1005-1005"
},
{
"status": "affected",
"version": "1012-1004-1008-1008"
},
{
"status": "affected",
"version": "1012-1008-1009-1000-FFFF"
},
{
"status": "affected",
"version": "1013-1002-1006-1005"
},
{
"status": "affected",
"version": "1013-1003-1005-1001"
},
{
"status": "affected",
"version": "1013-1004-1008-1003"
},
{
"status": "affected",
"version": "1013-1004-1008-1008"
},
{
"status": "affected",
"version": "1014-1002-1007-1004"
},
{
"status": "affected",
"version": "1014-1003-1006-1001"
},
{
"status": "affected",
"version": "1014-1003-1006PL-1001"
},
{
"status": "affected",
"version": "1014-1003-1007-1001"
},
{
"status": "affected",
"version": "1014-1004-1008-1008"
},
{
"status": "affected",
"version": "1014-1005-1009-1002"
},
{
"status": "affected",
"version": "1014-1007-1009-1001"
},
{
"status": "affected",
"version": "1014L-1002L-1006L-1005L"
},
{
"status": "affected",
"version": "1015-1006-1004-1002"
},
{
"status": "affected",
"version": "1015-1006-1005-1002"
},
{
"status": "affected",
"version": "1015-1006-1008-1002"
},
{
"status": "affected",
"version": "1015-1006-1008-1007"
},
{
"status": "affected",
"version": "1015-1006-1010-1003"
},
{
"status": "affected",
"version": "1015-1007-1007-1007"
},
{
"status": "affected",
"version": "1015K-1006K-1008PO-1002K"
},
{
"status": "affected",
"version": "1015Y-1007Y-1010Y-1001Y"
},
{
"status": "affected",
"version": "1016-1003-1007-1001"
},
{
"status": "affected",
"version": "1016-1004-1009-1009"
},
{
"status": "affected",
"version": "1016-1006-1008-1007"
},
{
"status": "affected",
"version": "1016-1007-1005-1001"
},
{
"status": "affected",
"version": "1016-1007-1009-1003"
},
{
"status": "affected",
"version": "1016-1007-1011-1001"
},
{
"status": "affected",
"version": "1016-1007-1011-1003"
},
{
"status": "affected",
"version": "1016-1008-1007-1007"
},
{
"status": "affected",
"version": "1016Y-1007Y-1011Y-1001Y"
},
{
"status": "affected",
"version": "1017-1002-1008-1005"
},
{
"status": "affected",
"version": "1017-1003-1007-1002"
},
{
"status": "affected",
"version": "1017-1003-1008-1006"
},
{
"status": "affected",
"version": "1017-1008-1012-1002"
},
{
"status": "affected",
"version": "1017-1011-1013-1001-FFFF"
},
{
"status": "affected",
"version": "1017k-1003k-1008k-1006k"
},
{
"status": "affected",
"version": "1017Y-1008Y-1012Y-1002Y"
},
{
"status": "affected",
"version": "1018-1003-1005-1004"
},
{
"status": "affected",
"version": "1018-1003-1007-1002"
},
{
"status": "affected",
"version": "1018-1003-1008-1003"
},
{
"status": "affected",
"version": "1018-1003-1008-1004"
},
{
"status": "affected",
"version": "1018-1003-1008PO-1003"
},
{
"status": "affected",
"version": "1018-1006-1009-1007"
},
{
"status": "affected",
"version": "1018-1007-1009-1003"
},
{
"status": "affected",
"version": "1018-1008-1012-1004"
},
{
"status": "affected",
"version": "1019-1003-1007-1002"
},
{
"status": "affected",
"version": "1019-1003-1008-1001"
},
{
"status": "affected",
"version": "1019-1004-1009-1007"
},
{
"status": "affected",
"version": "1019-1007-1009-1003"
},
{
"status": "affected",
"version": "1019-1009-1013-1003"
},
{
"status": "affected",
"version": "1019-1010-1009-1009"
},
{
"status": "affected",
"version": "1019c-1012c-1014c-1001c-FFFF"
},
{
"status": "affected",
"version": "1020-1003-1008-1003"
},
{
"status": "affected",
"version": "1020-1003-1008-1004"
},
{
"status": "affected",
"version": "1020-1003-1010-1006"
},
{
"status": "affected",
"version": "1020-1004-1009-1007"
},
{
"status": "affected",
"version": "1020-1005-1011-1010"
},
{
"status": "affected",
"version": "1020-1005-1012-1007"
},
{
"status": "affected",
"version": "1020-1007-1008-1003"
},
{
"status": "affected",
"version": "1020-1007-1009-1003"
},
{
"status": "affected",
"version": "1021-1003-1008-1003"
},
{
"status": "affected",
"version": "1021-1003-1008-1004"
},
{
"status": "affected",
"version": "1021-1005-1011-1010"
},
{
"status": "affected",
"version": "1021-1007-1010-1003"
},
{
"status": "affected",
"version": "1021L-1003L-1010L-1006L"
},
{
"status": "affected",
"version": "1021r-1004r-1009r-1007r"
},
{
"status": "affected",
"version": "1022-1003-1008-1002"
},
{
"status": "affected",
"version": "1022-1004-1009-1007"
},
{
"status": "affected",
"version": "1022-1007-1012-1007"
},
{
"status": "affected",
"version": "1022-1012-1011-1009"
},
{
"status": "affected",
"version": "1022-1014-1016-1002-FFFF"
},
{
"status": "affected",
"version": "1022L-1004L-1011L-1006L"
},
{
"status": "affected",
"version": "1022L-1005L-1011L-1010L"
},
{
"status": "affected",
"version": "1022Y-1014Y-1016Y-1002Y-FFFF"
},
{
"status": "affected",
"version": "1023-1004-1010-1007"
},
{
"status": "affected",
"version": "1023-1014-1017-1002-FFFF"
},
{
"status": "affected",
"version": "1025-1006-1013-1011"
},
{
"status": "affected",
"version": "1025-1008-1013-1008"
},
{
"status": "affected",
"version": "1025-1014-1013-1009"
},
{
"status": "affected",
"version": "1027-1008-1012-1008"
},
{
"status": "affected",
"version": "1027-1008-1013-1008"
},
{
"status": "affected",
"version": "1027-1014-1015-1009"
},
{
"status": "affected",
"version": "1027L-1006L-1015L-1009L"
},
{
"status": "affected",
"version": "1028-1007-1014-1012"
},
{
"status": "affected",
"version": "1029-1007-1014-1008"
},
{
"status": "affected",
"version": "1030-1007-1014-1012"
},
{
"status": "affected",
"version": "1030-1008-1014-1008"
},
{
"status": "affected",
"version": "1031-1007-1015-1012"
},
{
"status": "affected",
"version": "1032-1007-1015-1008"
},
{
"status": "affected",
"version": "1032k-1007k-1015k-1008k"
},
{
"status": "affected",
"version": "1036r-1008r-1016r-1009r"
},
{
"status": "affected",
"version": "1037-1008-1017-1009"
},
{
"status": "affected",
"version": "S749-S749-S749-S749"
},
{
"status": "affected",
"version": "S820-S820-S820-S820"
},
{
"status": "affected",
"version": "S823-S823-S823-S823"
},
{
"status": "affected",
"version": "S855-S855-S855-S855"
},
{
"status": "affected",
"version": "S914V-S914V-S914V-S914V"
},
{
"status": "affected",
"version": "S968-S968-S968-S968"
},
{
"status": "affected",
"version": "S984-S984-S984-S984"
},
{
"status": "affected",
"version": "T717-T717-T717-T717"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Gergely Eberhardt (SEARCH-LAB.hu)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An OS command injection vulnerability exists in AVTECH DVR, NVR, and IP camera devices within the \u003ccode\u003eadcommand.cgi\u003c/code\u003e endpoint, which interfaces with the ActionD daemon. Authenticated users can invoke the \u003ccode\u003eDoShellCmd\u003c/code\u003e operation, passing arbitrary input via the \u003ccode\u003estrCmd\u003c/code\u003e parameter. This input is executed directly by the system shell without sanitation allowing attackers to execute commands as the root user."
}
],
"value": "An OS command injection vulnerability exists in AVTECH DVR, NVR, and IP camera devices within the adcommand.cgi endpoint, which interfaces with the ActionD daemon. Authenticated users can invoke the DoShellCmd operation, passing arbitrary input via the strCmd parameter. This input is executed directly by the system shell without sanitation allowing attackers to execute commands as the root user."
}
],
"impacts": [
{
"capecId": "CAPEC-88",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-88 OS Command Injection"
}
]
},
{
"capecId": "CAPEC-137",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-137 Parameter Injection"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.4,
"baseSeverity": "CRITICAL",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-01T14:46:38.848Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/40500"
},
{
"tags": [
"product"
],
"url": "https://avtech.com/"
},
{
"tags": [
"third-party-advisory",
"technical-description"
],
"url": "https://web.archive.org/web/20240810225729/https://www.search-lab.hu/advisories/126-AVTech-devices-multiple-vulnerabilities"
},
{
"tags": [
"exploit"
],
"url": "https://web.archive.org/web/20161029201749/https://github.com/ebux/AVTECH"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://vulncheck.com/advisories/avtech-ipcamera-nvr-dvr-mulitple-vulns"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "AVTECH IP camera, DVR, and NVR Devices Authenticated Root Command Execution",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2025-34055",
"datePublished": "2025-07-01T14:46:38.848Z",
"dateReserved": "2025-04-15T19:15:22.548Z",
"dateUpdated": "2025-07-01T18:33:20.804Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-34054 (GCVE-0-2025-34054)
Vulnerability from cvelistv5 – Published: 2025-07-01 14:46 – Updated: 2025-11-20 20:51 X_Known Exploited Vulnerability
VLAI?
Title
AVTECH IP camera, DVR, and NVR Devices Unauthenticated Command Injection
Summary
An unauthenticated command injection vulnerability exists in AVTECH DVR devices via Search.cgi?action=cgi_query. The use of wget without input sanitization allows attackers to inject shell commands through the username or queryb64str parameters, executing commands as root. Exploitation evidence was observed by the Shadowserver Foundation on 2025-01-04 UTC.
Severity ?
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| AVTECH | IP camera, DVR, and NVR Devices |
Affected:
1008-1002-1005-1000
Affected: 1009-1003-1006-1001 Affected: 1009Y-1003Y-1006Y-1001Y Affected: 1010-1004-1007-1001 Affected: 1011-1005-1008-1002 Affected: 1014-1005-1009-1002 Affected: 1015-1006-1010-1003 Affected: 1016-1007-1011-1003 Affected: 1017-1008-1012-1002 Affected: 1017Y-1008Y-1012Y-1002Y Affected: 1018-1008-1012-1004 Affected: 1019-1009-1013-1003 Affected: 1019c-1012c-1014c-1001c-FFFF Affected: 1022-1014-1016-1002-FFFF Affected: 1022Y-1014Y-1016Y-1002Y-FFFF Affected: 1023-1014-1017-1002-FFFF |
Credits
Gergely Eberhardt (SEARCH-LAB.hu)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-34054",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-01T18:46:33.820743Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-01T18:46:40.272Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"Search.cgi",
"username parameter",
"queryb64str"
],
"product": "IP camera, DVR, and NVR Devices",
"vendor": "AVTECH",
"versions": [
{
"status": "affected",
"version": "1008-1002-1005-1000"
},
{
"status": "affected",
"version": "1009-1003-1006-1001"
},
{
"status": "affected",
"version": "1009Y-1003Y-1006Y-1001Y"
},
{
"status": "affected",
"version": "1010-1004-1007-1001"
},
{
"status": "affected",
"version": "1011-1005-1008-1002"
},
{
"status": "affected",
"version": "1014-1005-1009-1002"
},
{
"status": "affected",
"version": "1015-1006-1010-1003"
},
{
"status": "affected",
"version": "1016-1007-1011-1003"
},
{
"status": "affected",
"version": "1017-1008-1012-1002"
},
{
"status": "affected",
"version": "1017Y-1008Y-1012Y-1002Y"
},
{
"status": "affected",
"version": "1018-1008-1012-1004"
},
{
"status": "affected",
"version": "1019-1009-1013-1003"
},
{
"status": "affected",
"version": "1019c-1012c-1014c-1001c-FFFF"
},
{
"status": "affected",
"version": "1022-1014-1016-1002-FFFF"
},
{
"status": "affected",
"version": "1022Y-1014Y-1016Y-1002Y-FFFF"
},
{
"status": "affected",
"version": "1023-1014-1017-1002-FFFF"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Gergely Eberhardt (SEARCH-LAB.hu)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An unauthenticated command injection vulnerability exists in AVTECH DVR devices via Search.cgi?action=cgi_query. The use of wget without input sanitization allows attackers to inject shell commands through the username or queryb64str parameters, executing commands as root.\u0026nbsp;Exploitation evidence was observed by the Shadowserver Foundation on 2025-01-04 UTC."
}
],
"value": "An unauthenticated command injection vulnerability exists in AVTECH DVR devices via Search.cgi?action=cgi_query. The use of wget without input sanitization allows attackers to inject shell commands through the username or queryb64str parameters, executing commands as root.\u00a0Exploitation evidence was observed by the Shadowserver Foundation on 2025-01-04 UTC."
}
],
"impacts": [
{
"capecId": "CAPEC-88",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-88 OS Command Injection"
}
]
},
{
"capecId": "CAPEC-137",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-137 Parameter Injection"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-20T20:51:31.936Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/40500"
},
{
"tags": [
"product"
],
"url": "https://avtech.com/"
},
{
"tags": [
"third-party-advisory",
"technical-description"
],
"url": "https://web.archive.org/web/20240810225729/https://www.search-lab.hu/advisories/126-AVTech-devices-multiple-vulnerabilities"
},
{
"tags": [
"exploit"
],
"url": "https://web.archive.org/web/20161029201749/https://github.com/ebux/AVTECH"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://vulncheck.com/advisories/avtech-ipcamera-nvr-dvr-mulitple-vulns"
}
],
"source": {
"discovery": "UNKNOWN"
},
"tags": [
"x_known-exploited-vulnerability"
],
"title": "AVTECH IP camera, DVR, and NVR Devices Unauthenticated Command Injection",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2025-34054",
"datePublished": "2025-07-01T14:46:00.832Z",
"dateReserved": "2025-04-15T19:15:22.548Z",
"dateUpdated": "2025-11-20T20:51:31.936Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-34053 (GCVE-0-2025-34053)
Vulnerability from cvelistv5 – Published: 2025-07-01 14:45 – Updated: 2025-07-01 18:46
VLAI?
Title
AVTECH IP camera, DVR, and NVR Devices Authentication Bypass via .cab Path Manipulation
Summary
An authentication bypass vulnerability exists in AVTECH IP camera, DVR, and NVR devices’ streamd web server. The strstr() function is used to identify ".cab" requests, allowing any URL containing ".cab" to bypass authentication and access protected endpoints.
Severity ?
CWE
- CWE-290 - Authentication Bypass by Spoofing
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| AVTECH | IP camera, DVR, and NVR devices |
Affected:
1000-1000-1000-1000
Affected: 1000C-1000C-1000C-1000C Affected: 1001-1000-1000-1000 Affected: 1001-1001-1000-1000 Affected: 1002-1000-1000-1000 Affected: 1002-1002-1000-1002 Affected: 1002D-1000D-1000D-1000D Affected: 1003-1000-1000-1001 Affected: 1003-1001-1001-1000 Affected: 1003-1002-1001-1000 Affected: 1004-1000-1000-1000 Affected: 1004-1001-1001-1001 Affected: 1004-1003-1001-1002 Affected: 1004-1003-1002-1001 Affected: 1004A-1001A-1002A-1000A Affected: 1005-1002-1001-1002 Affected: 1005-1003-1001-1002 Affected: 1005-1004-1002-1001 Affected: 1005A-1001A-1002A-1001A Affected: 1005D-1001D-1002D-1001D Affected: 1006-1002-1001-1002 Affected: 1006-1004-1003-1001 Affected: 1007-1001-1003-1001 Affected: 1007-1001-1004-1003 Affected: 1007-1002-1001-1003 Affected: 1007-1002-1003-1002 Affected: 1007-1004-1003-1001 Affected: 1008-1001-1003-1002 Affected: 1008-1004-1004-1001 Affected: 1008D-1003D-1004D-1002D Affected: 1008J-1004J-1004J-1001J Affected: 1009-1001-1004-1001 Affected: 1009-1002-1005-1003 Affected: 1009-1003-1005-1002 Affected: 1010-1001-1004-1001 Affected: 1010-1001-1004-1002 Affected: 1010-1003-1005-1002 Affected: 1010-1003-1006-1003 Affected: 1010-1003-1006-1004 Affected: 1010-1004-1007-1001 Affected: 1010J-1001J-1004J-1001J Affected: 1010N-1003N-1005N-1002N Affected: 1011-1001-1002A-1002 Affected: 1011-1001-1002D-1002 Affected: 1011-1001-1003-1002 Affected: 1011-1001-1004-1002 Affected: 1011-1001-1005-1002 Affected: 1011-1004-1005-1002 Affected: 1012-1001-1005-1002 Affected: 1012-1001-1005-1003 Affected: 1012-1001-1005PO-1002 Affected: 1012-1003-1007-1002 Affected: 1012-1003-1007-1004 Affected: 1013-1001-1005-1003 Affected: 1013-1002-1006-1002 Affected: 1013-1003-1008-1003 Affected: 1013-1004-1008-1004 Affected: 1013-1005-1005-1002 Affected: 1013-1005-1007-1002 Affected: 1013K-1005K-1007PO-1002K Affected: 1014-1002-1006-1002 Affected: 1014-1002-1006-1003 Affected: 1014-1003-1008-1003 Affected: 1014-1005-1008-1002 Affected: 1014B-1002B-1006B-1002B Affected: 1015-1001-1006-1003 Affected: 1015-1002-1006-1003 Affected: 1015-1002-1007-1002 Affected: 1015-1003-1008-1003 Affected: 1015-1005-1009-1004 Affected: 1015-1006-1004-1002 Affected: 1015-1006-1005-1002 Affected: 1015-1006-1008-1002 Affected: 1015C-1004C-1003C-1005C Affected: 1015K-1006K-1008PO-1002K Affected: 1016-1002-1007-1002 Affected: 1016-1006-1013-1002 Affected: 1016-1007-1009-1003 Affected: 1016-1007-1011-1003 Affected: 1017-1002-1007-1003 Affected: 1017-1003-1007-1003 Affected: 1017-1003-1009-1003 Affected: 1017-1005-1004-1005 Affected: 1017-1006-1013-1002 Affected: 1017-1013-1014-1005 Affected: 1018-1003-1005-1004 Affected: 1018-1003-1008-1003 Affected: 1018-1003-1008-1004 Affected: 1018-1003-1008PO-1003 Affected: 1018-1004-1005-1005 Affected: 1018-1007-1009-1003 Affected: 1018-1012-1011-1010 Affected: 1019-1004-1006-1005 Affected: 1019-1007-1009-1003 Affected: 1020-1003-1008-1003 Affected: 1020-1003-1008-1004 Affected: 1020-1004-1007-1006 Affected: 1020-1007-1008-1003 Affected: 1020-1007-1009-1003 Affected: 1021-1003-1008-1003 Affected: 1021-1003-1008-1004 Affected: 1021-1005-1006-1005 Affected: 1021-1005-1008-1006 Affected: 1021-1006-1015-1002 Affected: 1021-1007-1010-1003 Affected: 1022-1005-1007-1005 Affected: 1022-1005-1009-1007 Affected: 1022-1006-1015-1002 Affected: 1022-1013-1014-1010 Affected: 1022-1014-1016-1002-FFFF Affected: 1022Y-1014Y-1016Y-1002Y-FFFF Affected: 1023-1005-1008-1006 Affected: 1023-1007-1016-1003 Affected: 1024-1019-1019-1007 Affected: 1025-1006-1010-1007 Affected: 1025-1017-1017-1011 Affected: 1027-1007-1019-1003 Affected: 1027-1021-1021-1008 Affected: 1028-1021-1022-1008 Affected: 1031-1007-1022-1003 Affected: 1032-1022-1024-1008 Affected: 1033-1018-1021-1012 Affected: 1035-1005-1005-1004 Affected: 1035-1005-1005-1005 Affected: 1035-1005-1005-1005P Affected: 1035-1007-1024-1003 Affected: 1035-1024-1025-1008 Affected: 1036-1005-1006-1005 Affected: 1036-1007-1024-1003 Affected: 1036-1014-1016-1016 Affected: 1037-1024-1027-1008 Affected: 1037-1025-1027-1008 Affected: 1038-1021-1024-1012 Affected: 1038-1021-1024-1012-A5 Affected: 1038-1025-1028-1008 Affected: 1039-1005-1008-1004 Affected: 1039-1005-1008-1005 Affected: 1039-1014-1017-1016 Affected: 1039D-1014D-1017D-1016D Affected: 1040-1026-1029-1008 Affected: 1041-1005-1009-1005 Affected: 1042-1026-1030-1008 Affected: 1044-1026-1030-1008 Affected: 1044-1026-1031-1008 Affected: 1045-1015-1020-1018 Affected: 1046-1027-1032-1008 Affected: 1047-1027-1031-1008 Affected: 1049-1027-1033-1008 Affected: 1050-1027-1034-1008 Affected: 1050-1027-1036-1008 Affected: 1051-1027-1035-1008 Affected: 1051CZ-1028-1037-1008 Affected: 1052-1027-1034-1008 Affected: 1052-1028-1038-1008 Affected: 1052A-1028-1038A-1008 Affected: 1054-1027-1036-1008 Affected: 1054-1028-1036-1008 Affected: 1055-1028-1036-1008 Affected: 1056-1028-1037-1008 Affected: 1058-1028-1039-1008 Affected: 1062-1028-1041-1008 Affected: 1065-1029-1043-1008 Affected: 1068-1029-1043-1008 Affected: 1069-1029-1043-1008 Affected: 1071-1029-1044-1008 Affected: 1077-1017-1035-1007 Affected: 1077-1017-1035-1007-A6 Affected: 1077-1017-1035-1007-D4 Affected: 1077-1017-1035-1007-D705FF Affected: 1078-1017-1036-1007 Affected: 1078-1017-1036-1007-A6 Affected: 1078-1017-1036-1007-D707FF Affected: 1079-1017-1037-1007 Affected: 1079-1017-1037-1007-D4 Affected: 1W77-1W17-1W35-1W07-A6 Affected: A077-1017-A035-1007 Affected: A077-1017-A035-1007-A6 Affected: A1035-1024-A1025-1008 Affected: A1038-1025-A1028-1008-D4 Affected: S681-S681-S681-S681 Affected: S749-S749-S749-S749 Affected: S818-S818-S818-S818 Affected: S820-S820-S820-S820 Affected: S823-S823-S823-S823 Affected: S914V-S914V-S914V-S914V Affected: S984-S984-S984-S984 |
Credits
Gergely Eberhardt (SEARCH-LAB.hu)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-34053",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-01T18:46:03.365792Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-01T18:46:09.474Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"streamd web server",
"request URL parameter"
],
"product": "IP camera, DVR, and NVR devices",
"vendor": "AVTECH",
"versions": [
{
"status": "affected",
"version": "1000-1000-1000-1000"
},
{
"status": "affected",
"version": "1000C-1000C-1000C-1000C"
},
{
"status": "affected",
"version": "1001-1000-1000-1000"
},
{
"status": "affected",
"version": "1001-1001-1000-1000"
},
{
"status": "affected",
"version": "1002-1000-1000-1000"
},
{
"status": "affected",
"version": "1002-1002-1000-1002"
},
{
"status": "affected",
"version": "1002D-1000D-1000D-1000D"
},
{
"status": "affected",
"version": "1003-1000-1000-1001"
},
{
"status": "affected",
"version": "1003-1001-1001-1000"
},
{
"status": "affected",
"version": "1003-1002-1001-1000"
},
{
"status": "affected",
"version": "1004-1000-1000-1000"
},
{
"status": "affected",
"version": "1004-1001-1001-1001"
},
{
"status": "affected",
"version": "1004-1003-1001-1002"
},
{
"status": "affected",
"version": "1004-1003-1002-1001"
},
{
"status": "affected",
"version": "1004A-1001A-1002A-1000A"
},
{
"status": "affected",
"version": "1005-1002-1001-1002"
},
{
"status": "affected",
"version": "1005-1003-1001-1002"
},
{
"status": "affected",
"version": "1005-1004-1002-1001"
},
{
"status": "affected",
"version": "1005A-1001A-1002A-1001A"
},
{
"status": "affected",
"version": "1005D-1001D-1002D-1001D"
},
{
"status": "affected",
"version": "1006-1002-1001-1002"
},
{
"status": "affected",
"version": "1006-1004-1003-1001"
},
{
"status": "affected",
"version": "1007-1001-1003-1001"
},
{
"status": "affected",
"version": "1007-1001-1004-1003"
},
{
"status": "affected",
"version": "1007-1002-1001-1003"
},
{
"status": "affected",
"version": "1007-1002-1003-1002"
},
{
"status": "affected",
"version": "1007-1004-1003-1001"
},
{
"status": "affected",
"version": "1008-1001-1003-1002"
},
{
"status": "affected",
"version": "1008-1004-1004-1001"
},
{
"status": "affected",
"version": "1008D-1003D-1004D-1002D"
},
{
"status": "affected",
"version": "1008J-1004J-1004J-1001J"
},
{
"status": "affected",
"version": "1009-1001-1004-1001"
},
{
"status": "affected",
"version": "1009-1002-1005-1003"
},
{
"status": "affected",
"version": "1009-1003-1005-1002"
},
{
"status": "affected",
"version": "1010-1001-1004-1001"
},
{
"status": "affected",
"version": "1010-1001-1004-1002"
},
{
"status": "affected",
"version": "1010-1003-1005-1002"
},
{
"status": "affected",
"version": "1010-1003-1006-1003"
},
{
"status": "affected",
"version": "1010-1003-1006-1004"
},
{
"status": "affected",
"version": "1010-1004-1007-1001"
},
{
"status": "affected",
"version": "1010J-1001J-1004J-1001J"
},
{
"status": "affected",
"version": "1010N-1003N-1005N-1002N"
},
{
"status": "affected",
"version": "1011-1001-1002A-1002"
},
{
"status": "affected",
"version": "1011-1001-1002D-1002"
},
{
"status": "affected",
"version": "1011-1001-1003-1002"
},
{
"status": "affected",
"version": "1011-1001-1004-1002"
},
{
"status": "affected",
"version": "1011-1001-1005-1002"
},
{
"status": "affected",
"version": "1011-1004-1005-1002"
},
{
"status": "affected",
"version": "1012-1001-1005-1002"
},
{
"status": "affected",
"version": "1012-1001-1005-1003"
},
{
"status": "affected",
"version": "1012-1001-1005PO-1002"
},
{
"status": "affected",
"version": "1012-1003-1007-1002"
},
{
"status": "affected",
"version": "1012-1003-1007-1004"
},
{
"status": "affected",
"version": "1013-1001-1005-1003"
},
{
"status": "affected",
"version": "1013-1002-1006-1002"
},
{
"status": "affected",
"version": "1013-1003-1008-1003"
},
{
"status": "affected",
"version": "1013-1004-1008-1004"
},
{
"status": "affected",
"version": "1013-1005-1005-1002"
},
{
"status": "affected",
"version": "1013-1005-1007-1002"
},
{
"status": "affected",
"version": "1013K-1005K-1007PO-1002K"
},
{
"status": "affected",
"version": "1014-1002-1006-1002"
},
{
"status": "affected",
"version": "1014-1002-1006-1003"
},
{
"status": "affected",
"version": "1014-1003-1008-1003"
},
{
"status": "affected",
"version": "1014-1005-1008-1002"
},
{
"status": "affected",
"version": "1014B-1002B-1006B-1002B"
},
{
"status": "affected",
"version": "1015-1001-1006-1003"
},
{
"status": "affected",
"version": "1015-1002-1006-1003"
},
{
"status": "affected",
"version": "1015-1002-1007-1002"
},
{
"status": "affected",
"version": "1015-1003-1008-1003"
},
{
"status": "affected",
"version": "1015-1005-1009-1004"
},
{
"status": "affected",
"version": "1015-1006-1004-1002"
},
{
"status": "affected",
"version": "1015-1006-1005-1002"
},
{
"status": "affected",
"version": "1015-1006-1008-1002"
},
{
"status": "affected",
"version": "1015C-1004C-1003C-1005C"
},
{
"status": "affected",
"version": "1015K-1006K-1008PO-1002K"
},
{
"status": "affected",
"version": "1016-1002-1007-1002"
},
{
"status": "affected",
"version": "1016-1006-1013-1002"
},
{
"status": "affected",
"version": "1016-1007-1009-1003"
},
{
"status": "affected",
"version": "1016-1007-1011-1003"
},
{
"status": "affected",
"version": "1017-1002-1007-1003"
},
{
"status": "affected",
"version": "1017-1003-1007-1003"
},
{
"status": "affected",
"version": "1017-1003-1009-1003"
},
{
"status": "affected",
"version": "1017-1005-1004-1005"
},
{
"status": "affected",
"version": "1017-1006-1013-1002"
},
{
"status": "affected",
"version": "1017-1013-1014-1005"
},
{
"status": "affected",
"version": "1018-1003-1005-1004"
},
{
"status": "affected",
"version": "1018-1003-1008-1003"
},
{
"status": "affected",
"version": "1018-1003-1008-1004"
},
{
"status": "affected",
"version": "1018-1003-1008PO-1003"
},
{
"status": "affected",
"version": "1018-1004-1005-1005"
},
{
"status": "affected",
"version": "1018-1007-1009-1003"
},
{
"status": "affected",
"version": "1018-1012-1011-1010"
},
{
"status": "affected",
"version": "1019-1004-1006-1005"
},
{
"status": "affected",
"version": "1019-1007-1009-1003"
},
{
"status": "affected",
"version": "1020-1003-1008-1003"
},
{
"status": "affected",
"version": "1020-1003-1008-1004"
},
{
"status": "affected",
"version": "1020-1004-1007-1006"
},
{
"status": "affected",
"version": "1020-1007-1008-1003"
},
{
"status": "affected",
"version": "1020-1007-1009-1003"
},
{
"status": "affected",
"version": "1021-1003-1008-1003"
},
{
"status": "affected",
"version": "1021-1003-1008-1004"
},
{
"status": "affected",
"version": "1021-1005-1006-1005"
},
{
"status": "affected",
"version": "1021-1005-1008-1006"
},
{
"status": "affected",
"version": "1021-1006-1015-1002"
},
{
"status": "affected",
"version": "1021-1007-1010-1003"
},
{
"status": "affected",
"version": "1022-1005-1007-1005"
},
{
"status": "affected",
"version": "1022-1005-1009-1007"
},
{
"status": "affected",
"version": "1022-1006-1015-1002"
},
{
"status": "affected",
"version": "1022-1013-1014-1010"
},
{
"status": "affected",
"version": "1022-1014-1016-1002-FFFF"
},
{
"status": "affected",
"version": "1022Y-1014Y-1016Y-1002Y-FFFF"
},
{
"status": "affected",
"version": "1023-1005-1008-1006"
},
{
"status": "affected",
"version": "1023-1007-1016-1003"
},
{
"status": "affected",
"version": "1024-1019-1019-1007"
},
{
"status": "affected",
"version": "1025-1006-1010-1007"
},
{
"status": "affected",
"version": "1025-1017-1017-1011"
},
{
"status": "affected",
"version": "1027-1007-1019-1003"
},
{
"status": "affected",
"version": "1027-1021-1021-1008"
},
{
"status": "affected",
"version": "1028-1021-1022-1008"
},
{
"status": "affected",
"version": "1031-1007-1022-1003"
},
{
"status": "affected",
"version": "1032-1022-1024-1008"
},
{
"status": "affected",
"version": "1033-1018-1021-1012"
},
{
"status": "affected",
"version": "1035-1005-1005-1004"
},
{
"status": "affected",
"version": "1035-1005-1005-1005"
},
{
"status": "affected",
"version": "1035-1005-1005-1005P"
},
{
"status": "affected",
"version": "1035-1007-1024-1003"
},
{
"status": "affected",
"version": "1035-1024-1025-1008"
},
{
"status": "affected",
"version": "1036-1005-1006-1005"
},
{
"status": "affected",
"version": "1036-1007-1024-1003"
},
{
"status": "affected",
"version": "1036-1014-1016-1016"
},
{
"status": "affected",
"version": "1037-1024-1027-1008"
},
{
"status": "affected",
"version": "1037-1025-1027-1008"
},
{
"status": "affected",
"version": "1038-1021-1024-1012"
},
{
"status": "affected",
"version": "1038-1021-1024-1012-A5"
},
{
"status": "affected",
"version": "1038-1025-1028-1008"
},
{
"status": "affected",
"version": "1039-1005-1008-1004"
},
{
"status": "affected",
"version": "1039-1005-1008-1005"
},
{
"status": "affected",
"version": "1039-1014-1017-1016"
},
{
"status": "affected",
"version": "1039D-1014D-1017D-1016D"
},
{
"status": "affected",
"version": "1040-1026-1029-1008"
},
{
"status": "affected",
"version": "1041-1005-1009-1005"
},
{
"status": "affected",
"version": "1042-1026-1030-1008"
},
{
"status": "affected",
"version": "1044-1026-1030-1008"
},
{
"status": "affected",
"version": "1044-1026-1031-1008"
},
{
"status": "affected",
"version": "1045-1015-1020-1018"
},
{
"status": "affected",
"version": "1046-1027-1032-1008"
},
{
"status": "affected",
"version": "1047-1027-1031-1008"
},
{
"status": "affected",
"version": "1049-1027-1033-1008"
},
{
"status": "affected",
"version": "1050-1027-1034-1008"
},
{
"status": "affected",
"version": "1050-1027-1036-1008"
},
{
"status": "affected",
"version": "1051-1027-1035-1008"
},
{
"status": "affected",
"version": "1051CZ-1028-1037-1008"
},
{
"status": "affected",
"version": "1052-1027-1034-1008"
},
{
"status": "affected",
"version": "1052-1028-1038-1008"
},
{
"status": "affected",
"version": "1052A-1028-1038A-1008"
},
{
"status": "affected",
"version": "1054-1027-1036-1008"
},
{
"status": "affected",
"version": "1054-1028-1036-1008"
},
{
"status": "affected",
"version": "1055-1028-1036-1008"
},
{
"status": "affected",
"version": "1056-1028-1037-1008"
},
{
"status": "affected",
"version": "1058-1028-1039-1008"
},
{
"status": "affected",
"version": "1062-1028-1041-1008"
},
{
"status": "affected",
"version": "1065-1029-1043-1008"
},
{
"status": "affected",
"version": "1068-1029-1043-1008"
},
{
"status": "affected",
"version": "1069-1029-1043-1008"
},
{
"status": "affected",
"version": "1071-1029-1044-1008"
},
{
"status": "affected",
"version": "1077-1017-1035-1007"
},
{
"status": "affected",
"version": "1077-1017-1035-1007-A6"
},
{
"status": "affected",
"version": "1077-1017-1035-1007-D4"
},
{
"status": "affected",
"version": "1077-1017-1035-1007-D705FF"
},
{
"status": "affected",
"version": "1078-1017-1036-1007"
},
{
"status": "affected",
"version": "1078-1017-1036-1007-A6"
},
{
"status": "affected",
"version": "1078-1017-1036-1007-D707FF"
},
{
"status": "affected",
"version": "1079-1017-1037-1007"
},
{
"status": "affected",
"version": "1079-1017-1037-1007-D4"
},
{
"status": "affected",
"version": "1W77-1W17-1W35-1W07-A6"
},
{
"status": "affected",
"version": "A077-1017-A035-1007"
},
{
"status": "affected",
"version": "A077-1017-A035-1007-A6"
},
{
"status": "affected",
"version": "A1035-1024-A1025-1008"
},
{
"status": "affected",
"version": "A1038-1025-A1028-1008-D4"
},
{
"status": "affected",
"version": "S681-S681-S681-S681"
},
{
"status": "affected",
"version": "S749-S749-S749-S749"
},
{
"status": "affected",
"version": "S818-S818-S818-S818"
},
{
"status": "affected",
"version": "S820-S820-S820-S820"
},
{
"status": "affected",
"version": "S823-S823-S823-S823"
},
{
"status": "affected",
"version": "S914V-S914V-S914V-S914V"
},
{
"status": "affected",
"version": "S984-S984-S984-S984"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Gergely Eberhardt (SEARCH-LAB.hu)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An authentication bypass vulnerability exists in AVTECH IP camera, DVR, and NVR devices\u2019 streamd web server. The strstr() function is used to identify \".cab\" requests, allowing any URL containing \".cab\" to bypass authentication and access protected endpoints."
}
],
"value": "An authentication bypass vulnerability exists in AVTECH IP camera, DVR, and NVR devices\u2019 streamd web server. The strstr() function is used to identify \".cab\" requests, allowing any URL containing \".cab\" to bypass authentication and access protected endpoints."
}
],
"impacts": [
{
"capecId": "CAPEC-115",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-115 Authentication Bypass"
}
]
},
{
"capecId": "CAPEC-137",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-137 Parameter Injection"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-290",
"description": "CWE-290 Authentication Bypass by Spoofing",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-01T14:45:02.858Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/40500"
},
{
"tags": [
"product"
],
"url": "https://avtech.com/"
},
{
"tags": [
"third-party-advisory",
"technical-description"
],
"url": "https://web.archive.org/web/20240810225729/https://www.search-lab.hu/advisories/126-AVTech-devices-multiple-vulnerabilities"
},
{
"tags": [
"exploit"
],
"url": "https://web.archive.org/web/20161029201749/https://github.com/ebux/AVTECH"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://vulncheck.com/advisories/avtech-ipcamera-nvr-dvr-mulitple-vulns"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "AVTECH IP camera, DVR, and NVR Devices Authentication Bypass via .cab Path Manipulation",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2025-34053",
"datePublished": "2025-07-01T14:45:02.858Z",
"dateReserved": "2025-04-15T19:15:22.548Z",
"dateUpdated": "2025-07-01T18:46:09.474Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-34052 (GCVE-0-2025-34052)
Vulnerability from cvelistv5 – Published: 2025-07-01 14:44 – Updated: 2025-10-09 15:06
VLAI?
An unauthenticated endpoint that exposes firmware version, MAC address, and supported codecs is not indicative of a security boundary being crossed, as this metadata is not inherently sensitive and commonly used for legitimate fingerprinting and discovery.
Show details on NVD website{
"containers": {
"cna": {
"providerMetadata": {
"dateUpdated": "2025-10-09T15:06:37.810Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"rejectedReasons": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An unauthenticated endpoint that exposes firmware version, MAC address, and supported codecs is not indicative of a security boundary being crossed, as this metadata is not inherently sensitive and commonly used for legitimate fingerprinting and discovery."
}
],
"value": "An unauthenticated endpoint that exposes firmware version, MAC address, and supported codecs is not indicative of a security boundary being crossed, as this metadata is not inherently sensitive and commonly used for legitimate fingerprinting and discovery."
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2025-34052",
"datePublished": "2025-07-01T14:44:40.785Z",
"dateRejected": "2025-10-09T15:03:04.389Z",
"dateReserved": "2025-04-15T19:15:22.548Z",
"dateUpdated": "2025-10-09T15:06:37.810Z",
"state": "REJECTED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-34051 (GCVE-0-2025-34051)
Vulnerability from cvelistv5 – Published: 2025-07-01 14:44 – Updated: 2025-07-01 14:59
VLAI?
Title
AVTECH DVR Devices Server-Side Request Forgery
Summary
A server-side request forgery vulnerability exists in multiple firmware versions of AVTECH DVR devices that exposes the /cgi-bin/nobody/Search.cgi?action=cgi_query endpoint without authentication. An attacker can manipulate the ip, port, and queryb64str parameters to make arbitrary HTTP requests from the DVR to internal or external systems, potentially exposing sensitive data or interacting with internal services.
Severity ?
CWE
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| AVTECH | DVR devices |
Affected:
1001-1000-1000-1000
Affected: 1001-1000-1001-1001 Affected: 1002-1000-1002-1001 Unaffected: 1002-1001-1000-1000 Affected: 1002-1001-1001-1001 Affected: 1004-1002-1001-1000 Affected: 1004-1002-1003-1000-FFFF Affected: 1004V-1002V-1003V-1001V Affected: 1004Y-1002Y-1001EJ-1000Y Affected: 1004Y-1002Y-1001Y-1000Y Affected: 1005-1002-1002-1000 Affected: 1005-1002-1004-1001 Affected: 1006-1001-1003-1004 Affected: 1006-1002-1003-1000 Affected: 1006Y-1002Y-1003Y-1000Y Affected: 1007-1002-1004-1000 Affected: 1007-1003-1003-1002 Affected: 1007-1003-1005-1001 Affected: 1007E-1003E-1005EJ-1001E Affected: 1007V-1003V-1005V-1001V Affected: 1007Y-1002Y-1004Y-1000Y Affected: 1008-1002-1005-1000 Affected: 1008-1004-1003-1002 Affected: 1009-1003-1005-1006 Affected: 1009-1003-1006-1001 Affected: 1009-1007-1007-1000-FFFF Affected: 1009Y-1003Y-1006Y-1001Y Affected: 1010-1004-1007-1001 Affected: 1010-1005-1005-1002 Affected: 1011-1004-1005-1006 Affected: 1011-1005-1007-1001 Affected: 1011-1005-1007EJ-1001 Affected: 1011-1005-1008-1002 Affected: 1012-1004-1005-1006 Affected: 1012-1005-1007-1002 Affected: 1012-1006-1007-1001 Affected: 1012-1008-1009-1000-FFFF Affected: 1014-1005-1009-1002 Affected: 1014-1007-1009-1001 Affected: 1014-1010-1010-1000-FFFF Affected: 1014Y-1007Y-1009Y-1001Y Affected: 1015-1006-1010-1003 Affected: 1015-1007-1007-1007 Affected: 1015-1007-1010-1001 Affected: 1015-1010-1011-1000-FFFF Affected: 1015Y-1007Y-1010Y-1001Y Affected: 1016-1007-1005-1001 Affected: 1016-1007-1011-1001 Affected: 1016-1007-1011-1003 Affected: 1016-1008-1007-1007 Affected: 1016Y-1007Y-1011Y-1001Y Affected: 1017-1008-1012-1002 Affected: 1017-1009-1008-1008 Affected: 1017-1011-1013-1001-FFFF Affected: 1017f-1011f-1013f-1001f-FFFF Affected: 1017Y-1008Y-1012Y-1002Y Affected: 1018-1008-1012-1004 Affected: 1019-1009-1013-1003 Affected: 1019-1010-1009-1009 Affected: 1019c-1012c-1014c-1001c-FFFF Affected: 1021-1011-1010-1009 Affected: 1022-1012-1011-1009 Affected: 1022-1014-1016-1002-FFFF Affected: 1022Y-1014Y-1016Y-1002Y-FFFF Affected: 1023-1013-1011-1009 Affected: 1023-1014-1017-1002-FFFF Affected: 1025-1014-1013-1009 Affected: 1026-1014-1014-1009 Affected: 1027-1014-1015-1009 Affected: S968-S968-S968-S968 Affected: V171P-V171P-V171P-V171P Affected: V189-V189-V189-V189 |
Credits
Gergely Eberhardt (SEARCH-LAB.hu)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-34051",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-01T14:57:37.177556Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-01T14:59:04.311Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"Search.cgi endpoint",
"ip parameter",
"port parameter",
"queryb64str parameter"
],
"product": "DVR devices",
"vendor": "AVTECH",
"versions": [
{
"status": "affected",
"version": "1001-1000-1000-1000"
},
{
"status": "affected",
"version": "1001-1000-1001-1001"
},
{
"status": "affected",
"version": "1002-1000-1002-1001"
},
{
"status": "unaffected",
"version": "1002-1001-1000-1000"
},
{
"status": "affected",
"version": "1002-1001-1001-1001"
},
{
"status": "affected",
"version": "1004-1002-1001-1000"
},
{
"status": "affected",
"version": "1004-1002-1003-1000-FFFF"
},
{
"status": "affected",
"version": "1004V-1002V-1003V-1001V"
},
{
"status": "affected",
"version": "1004Y-1002Y-1001EJ-1000Y"
},
{
"status": "affected",
"version": "1004Y-1002Y-1001Y-1000Y"
},
{
"status": "affected",
"version": "1005-1002-1002-1000"
},
{
"status": "affected",
"version": "1005-1002-1004-1001"
},
{
"status": "affected",
"version": "1006-1001-1003-1004"
},
{
"status": "affected",
"version": "1006-1002-1003-1000"
},
{
"status": "affected",
"version": "1006Y-1002Y-1003Y-1000Y"
},
{
"status": "affected",
"version": "1007-1002-1004-1000"
},
{
"status": "affected",
"version": "1007-1003-1003-1002"
},
{
"status": "affected",
"version": "1007-1003-1005-1001"
},
{
"status": "affected",
"version": "1007E-1003E-1005EJ-1001E"
},
{
"status": "affected",
"version": "1007V-1003V-1005V-1001V"
},
{
"status": "affected",
"version": "1007Y-1002Y-1004Y-1000Y"
},
{
"status": "affected",
"version": "1008-1002-1005-1000"
},
{
"status": "affected",
"version": "1008-1004-1003-1002"
},
{
"status": "affected",
"version": "1009-1003-1005-1006"
},
{
"status": "affected",
"version": "1009-1003-1006-1001"
},
{
"status": "affected",
"version": "1009-1007-1007-1000-FFFF"
},
{
"status": "affected",
"version": "1009Y-1003Y-1006Y-1001Y"
},
{
"status": "affected",
"version": "1010-1004-1007-1001"
},
{
"status": "affected",
"version": "1010-1005-1005-1002"
},
{
"status": "affected",
"version": "1011-1004-1005-1006"
},
{
"status": "affected",
"version": "1011-1005-1007-1001"
},
{
"status": "affected",
"version": "1011-1005-1007EJ-1001"
},
{
"status": "affected",
"version": "1011-1005-1008-1002"
},
{
"status": "affected",
"version": "1012-1004-1005-1006"
},
{
"status": "affected",
"version": "1012-1005-1007-1002"
},
{
"status": "affected",
"version": "1012-1006-1007-1001"
},
{
"status": "affected",
"version": "1012-1008-1009-1000-FFFF"
},
{
"status": "affected",
"version": "1014-1005-1009-1002"
},
{
"status": "affected",
"version": "1014-1007-1009-1001"
},
{
"status": "affected",
"version": "1014-1010-1010-1000-FFFF"
},
{
"status": "affected",
"version": "1014Y-1007Y-1009Y-1001Y"
},
{
"status": "affected",
"version": "1015-1006-1010-1003"
},
{
"status": "affected",
"version": "1015-1007-1007-1007"
},
{
"status": "affected",
"version": "1015-1007-1010-1001"
},
{
"status": "affected",
"version": "1015-1010-1011-1000-FFFF"
},
{
"status": "affected",
"version": "1015Y-1007Y-1010Y-1001Y"
},
{
"status": "affected",
"version": "1016-1007-1005-1001"
},
{
"status": "affected",
"version": "1016-1007-1011-1001"
},
{
"status": "affected",
"version": "1016-1007-1011-1003"
},
{
"status": "affected",
"version": "1016-1008-1007-1007"
},
{
"status": "affected",
"version": "1016Y-1007Y-1011Y-1001Y"
},
{
"status": "affected",
"version": "1017-1008-1012-1002"
},
{
"status": "affected",
"version": "1017-1009-1008-1008"
},
{
"status": "affected",
"version": "1017-1011-1013-1001-FFFF"
},
{
"status": "affected",
"version": "1017f-1011f-1013f-1001f-FFFF"
},
{
"status": "affected",
"version": "1017Y-1008Y-1012Y-1002Y"
},
{
"status": "affected",
"version": "1018-1008-1012-1004"
},
{
"status": "affected",
"version": "1019-1009-1013-1003"
},
{
"status": "affected",
"version": "1019-1010-1009-1009"
},
{
"status": "affected",
"version": "1019c-1012c-1014c-1001c-FFFF"
},
{
"status": "affected",
"version": "1021-1011-1010-1009"
},
{
"status": "affected",
"version": "1022-1012-1011-1009"
},
{
"status": "affected",
"version": "1022-1014-1016-1002-FFFF"
},
{
"status": "affected",
"version": "1022Y-1014Y-1016Y-1002Y-FFFF"
},
{
"status": "affected",
"version": "1023-1013-1011-1009"
},
{
"status": "affected",
"version": "1023-1014-1017-1002-FFFF"
},
{
"status": "affected",
"version": "1025-1014-1013-1009"
},
{
"status": "affected",
"version": "1026-1014-1014-1009"
},
{
"status": "affected",
"version": "1027-1014-1015-1009"
},
{
"status": "affected",
"version": "S968-S968-S968-S968"
},
{
"status": "affected",
"version": "V171P-V171P-V171P-V171P"
},
{
"status": "affected",
"version": "V189-V189-V189-V189"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Gergely Eberhardt (SEARCH-LAB.hu)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A server-side request forgery vulnerability exists in multiple firmware versions of AVTECH DVR devices that exposes the \u003ccode\u003e/cgi-bin/nobody/Search.cgi?action=cgi_query\u003c/code\u003e endpoint without authentication. An attacker can manipulate the \u003ccode\u003eip\u003c/code\u003e, \u003ccode\u003eport\u003c/code\u003e, and \u003ccode\u003equeryb64str\u003c/code\u003e parameters to make arbitrary HTTP requests from the DVR to internal or external systems, potentially exposing sensitive data or interacting with internal services."
}
],
"value": "A server-side request forgery vulnerability exists in multiple firmware versions of AVTECH DVR devices that exposes the /cgi-bin/nobody/Search.cgi?action=cgi_query endpoint without authentication. An attacker can manipulate the ip, port, and queryb64str parameters to make arbitrary HTTP requests from the DVR to internal or external systems, potentially exposing sensitive data or interacting with internal services."
}
],
"impacts": [
{
"capecId": "CAPEC-664",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-664 Server Side Request Forgery"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:L",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918 Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-01T14:44:22.913Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/40500"
},
{
"tags": [
"product"
],
"url": "https://avtech.com/"
},
{
"tags": [
"third-party-advisory",
"technical-description"
],
"url": "https://web.archive.org/web/20240810225729/https://www.search-lab.hu/advisories/126-AVTech-devices-multiple-vulnerabilities"
},
{
"tags": [
"exploit"
],
"url": "https://web.archive.org/web/20161029201749/https://github.com/ebux/AVTECH"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://vulncheck.com/advisories/avtech-ipcamera-nvr-dvr-mulitple-vulns"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "AVTECH DVR Devices Server-Side Request Forgery",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2025-34051",
"datePublished": "2025-07-01T14:44:22.913Z",
"dateReserved": "2025-04-15T19:15:22.548Z",
"dateUpdated": "2025-07-01T14:59:04.311Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-34050 (GCVE-0-2025-34050)
Vulnerability from cvelistv5 – Published: 2025-07-01 14:42 – Updated: 2025-07-01 18:45
VLAI?
Title
AVTECH IP Camera, DVR, and NVR Devices Cross-Site Request Forgery
Summary
A cross-site request forgery (CSRF) vulnerability exists in the web interface of AVTECH IP camera, DVR, and NVR devices. An attacker can craft malicious requests that, when executed in the context of an authenticated user’s browser session, allow unauthorized changes to the device configuration without user interaction.
Severity ?
CWE
- CWE-352 - Cross-Site Request Forgery (CSRF)
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| AVTECH | IP cameras |
Affected:
0
|
||||||||||||
|
||||||||||||||
Credits
Gergely Eberhardt (SEARCH-LAB.hu)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-34050",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-01T18:44:55.395830Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-01T18:45:06.703Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"Web Management Interface (configuration endpoints)"
],
"product": "IP cameras",
"vendor": "AVTECH",
"versions": [
{
"status": "affected",
"version": "0"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web Management Interface (configuration endpoints)"
],
"product": "DVR devices",
"vendor": "AVTECH",
"versions": [
{
"status": "affected",
"version": "0"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web Management Interface (configuration endpoints)"
],
"product": "NVR devices",
"vendor": "AVTECH",
"versions": [
{
"status": "affected",
"version": "0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Gergely Eberhardt (SEARCH-LAB.hu)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A\u0026nbsp;cross-site request forgery (CSRF) vulnerability exists in the web interface of AVTECH IP camera, DVR, and NVR devices. An attacker can craft malicious requests that, when executed in the context of an authenticated user\u2019s browser session, allow unauthorized changes to the device configuration without user interaction."
}
],
"value": "A\u00a0cross-site request forgery (CSRF) vulnerability exists in the web interface of AVTECH IP camera, DVR, and NVR devices. An attacker can craft malicious requests that, when executed in the context of an authenticated user\u2019s browser session, allow unauthorized changes to the device configuration without user interaction."
}
],
"impacts": [
{
"capecId": "CAPEC-62",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-62 Cross Site Request Forgery"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-01T14:42:57.143Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/40500"
},
{
"tags": [
"product"
],
"url": "https://avtech.com/"
},
{
"tags": [
"third-party-advisory",
"technical-description"
],
"url": "https://web.archive.org/web/20240810225729/https://www.search-lab.hu/advisories/126-AVTech-devices-multiple-vulnerabilities"
},
{
"tags": [
"exploit"
],
"url": "https://web.archive.org/web/20161029201749/https://github.com/ebux/AVTECH"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://vulncheck.com/advisories/avtech-ipcamera-nvr-dvr-mulitple-vulns"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "AVTECH IP Camera, DVR, and NVR Devices Cross-Site Request Forgery",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2025-34050",
"datePublished": "2025-07-01T14:42:57.143Z",
"dateReserved": "2025-04-15T19:15:22.548Z",
"dateUpdated": "2025-07-01T18:45:06.703Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-7029 (GCVE-0-2024-7029)
Vulnerability from cvelistv5 – Published: 2024-08-02 15:08 – Updated: 2025-01-09 19:22
VLAI?
Title
Command Injection in AVTech AVM1203 (IP Camera)
Summary
Commands can be injected over the network and executed without authentication.
Severity ?
CWE
- CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| AVTech | AVM1203 (IP Camera) |
Affected:
0 , ≤ FullImg-1023-1007-1011-1009
(custom)
|
Credits
Larry Cashdollar and Aline Eliovich of Akamai Technologies reported this vulnerability to CISA.
An anonymous third-party organization confirmed Akamai's report and identified specific affected products and firmware versions.
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:avtec:avm1203\\/ipcamera\\/:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "avm1203\\/ipcamera\\/",
"vendor": "avtec",
"versions": [
{
"lessThanOrEqual": "fullImg-1023-1007-1011-1009",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-7029",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-05T15:18:01.228848Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-09T19:22:30.663Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "AVM1203 (IP Camera)",
"vendor": "AVTech",
"versions": [
{
"lessThanOrEqual": "FullImg-1023-1007-1011-1009",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Larry Cashdollar and Aline Eliovich of Akamai Technologies reported this vulnerability to CISA."
},
{
"lang": "en",
"type": "finder",
"value": "An anonymous third-party organization confirmed Akamai\u0027s report and identified specific affected products and firmware versions."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eCommands can be injected over the network and executed without authentication.\u003c/span\u003e"
}
],
"value": "Commands can be injected over the network and executed without authentication."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-25T22:56:58.061Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-214-07"
},
{
"url": "https://www.akamai.com/blog/security-research/2024-corona-mirai-botnet-infects-zero-day-sirt"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAVTECH SECURITY Corporation has not responded to requests to work with CISA to mitigate these vulnerabilities. Users of the affected products are encouraged to contact \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.avtech.com.tw/ContactUs.aspx\"\u003eAVTECH\u003c/a\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;for additional information.\u003c/span\u003e\n\n\u003cbr\u003e"
}
],
"value": "AVTECH SECURITY Corporation has not responded to requests to work with CISA to mitigate these vulnerabilities. Users of the affected products are encouraged to contact AVTECH https://www.avtech.com.tw/ContactUs.aspx \u00a0for additional information."
}
],
"source": {
"advisory": "ICSA-24-214-07",
"discovery": "EXTERNAL"
},
"title": "Command Injection in AVTech AVM1203 (IP Camera)",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2024-7029",
"datePublished": "2024-08-02T15:08:35.991Z",
"dateReserved": "2024-07-23T16:19:10.205Z",
"dateUpdated": "2025-01-09T19:22:30.663Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-4981 (GCVE-0-2013-4981)
Vulnerability from cvelistv5 – Published: 2014-03-03 16:00 – Updated: 2024-08-06 16:59
VLAI?
Summary
Buffer overflow in cgi-bin/user/Config.cgi in AVTECH AVN801 DVR with firmware 1017-1003-1009-1003 and earlier, and possibly other devices, allows remote attackers to cause a denial of service (device crash) and possibly execute arbitrary code via a long string in the Network.SMTP.Receivers parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:59:41.132Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20130828 CORE-2013-0726 - AVTECH DVR multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2013/Aug/284"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.coresecurity.com/advisories/avtech-dvr-multiple-vulnerabilities"
},
{
"name": "96693",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/96693"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-08-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in cgi-bin/user/Config.cgi in AVTECH AVN801 DVR with firmware 1017-1003-1009-1003 and earlier, and possibly other devices, allows remote attackers to cause a denial of service (device crash) and possibly execute arbitrary code via a long string in the Network.SMTP.Receivers parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-03-03T15:57:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20130828 CORE-2013-0726 - AVTECH DVR multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2013/Aug/284"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.coresecurity.com/advisories/avtech-dvr-multiple-vulnerabilities"
},
{
"name": "96693",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/96693"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-4981",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in cgi-bin/user/Config.cgi in AVTECH AVN801 DVR with firmware 1017-1003-1009-1003 and earlier, and possibly other devices, allows remote attackers to cause a denial of service (device crash) and possibly execute arbitrary code via a long string in the Network.SMTP.Receivers parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20130828 CORE-2013-0726 - AVTECH DVR multiple vulnerabilities",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2013/Aug/284"
},
{
"name": "http://www.coresecurity.com/advisories/avtech-dvr-multiple-vulnerabilities",
"refsource": "MISC",
"url": "http://www.coresecurity.com/advisories/avtech-dvr-multiple-vulnerabilities"
},
{
"name": "96693",
"refsource": "OSVDB",
"url": "http://osvdb.org/96693"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-4981",
"datePublished": "2014-03-03T16:00:00",
"dateReserved": "2013-07-29T00:00:00",
"dateUpdated": "2024-08-06T16:59:41.132Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-4980 (GCVE-0-2013-4980)
Vulnerability from cvelistv5 – Published: 2014-03-03 16:00 – Updated: 2024-08-06 16:59
VLAI?
Summary
Buffer overflow in the RTSP Packet Handler in AVTECH AVN801 DVR with firmware 1017-1003-1009-1003 and earlier, and possibly other devices, allows remote attackers to cause a denial of service (device crash) and possibly execute arbitrary code via a long string in the URI in an RTSP SETUP request.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:59:41.071Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20130828 CORE-2013-0726 - AVTECH DVR multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2013/Aug/284"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.coresecurity.com/advisories/avtech-dvr-multiple-vulnerabilities"
},
{
"name": "96692",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/96692"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-08-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the RTSP Packet Handler in AVTECH AVN801 DVR with firmware 1017-1003-1009-1003 and earlier, and possibly other devices, allows remote attackers to cause a denial of service (device crash) and possibly execute arbitrary code via a long string in the URI in an RTSP SETUP request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-03-03T15:57:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20130828 CORE-2013-0726 - AVTECH DVR multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2013/Aug/284"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.coresecurity.com/advisories/avtech-dvr-multiple-vulnerabilities"
},
{
"name": "96692",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/96692"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-4980",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the RTSP Packet Handler in AVTECH AVN801 DVR with firmware 1017-1003-1009-1003 and earlier, and possibly other devices, allows remote attackers to cause a denial of service (device crash) and possibly execute arbitrary code via a long string in the URI in an RTSP SETUP request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20130828 CORE-2013-0726 - AVTECH DVR multiple vulnerabilities",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2013/Aug/284"
},
{
"name": "http://www.coresecurity.com/advisories/avtech-dvr-multiple-vulnerabilities",
"refsource": "MISC",
"url": "http://www.coresecurity.com/advisories/avtech-dvr-multiple-vulnerabilities"
},
{
"name": "96692",
"refsource": "OSVDB",
"url": "http://osvdb.org/96692"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-4980",
"datePublished": "2014-03-03T16:00:00",
"dateReserved": "2013-07-29T00:00:00",
"dateUpdated": "2024-08-06T16:59:41.071Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-3939 (GCVE-0-2008-3939)
Vulnerability from cvelistv5 – Published: 2008-09-05 15:00 – Updated: 2025-04-03 15:06
VLAI?
Summary
Directory traversal vulnerability in the web interface in AVTECH PageR Enterprise before 5.0.7 allows remote attackers to read arbitrary files via directory traversal sequences in the URI.
Severity ?
7.5 (High)
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:00:41.984Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "30987",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/30987"
},
{
"name": "31693",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31693"
},
{
"name": "20080902 DDIVRT-2008-13 AVTECH PageR Enterprise Directory Traversal",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-September/064227.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2008-3939",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-03T15:06:22.224486Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-03T15:06:33.617Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in the web interface in AVTECH PageR Enterprise before 5.0.7 allows remote attackers to read arbitrary files via directory traversal sequences in the URI."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2008-09-05T15:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "30987",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/30987"
},
{
"name": "31693",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31693"
},
{
"name": "20080902 DDIVRT-2008-13 AVTECH PageR Enterprise Directory Traversal",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-September/064227.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3939",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in the web interface in AVTECH PageR Enterprise before 5.0.7 allows remote attackers to read arbitrary files via directory traversal sequences in the URI."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "30987",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30987"
},
{
"name": "31693",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31693"
},
{
"name": "20080902 DDIVRT-2008-13 AVTECH PageR Enterprise Directory Traversal",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-September/064227.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-3939",
"datePublished": "2008-09-05T15:00:00.000Z",
"dateReserved": "2008-09-05T00:00:00.000Z",
"dateUpdated": "2025-04-03T15:06:33.617Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}