CVE-2025-34051 (GCVE-0-2025-34051)
Vulnerability from cvelistv5 – Published: 2025-07-01 14:44 – Updated: 2025-07-01 14:59
VLAI?
Title
AVTECH DVR Devices Server-Side Request Forgery
Summary
A server-side request forgery vulnerability exists in multiple firmware versions of AVTECH DVR devices that exposes the /cgi-bin/nobody/Search.cgi?action=cgi_query endpoint without authentication. An attacker can manipulate the ip, port, and queryb64str parameters to make arbitrary HTTP requests from the DVR to internal or external systems, potentially exposing sensitive data or interacting with internal services.
Severity ?
CWE
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| AVTECH | DVR devices |
Affected:
1001-1000-1000-1000
Affected: 1001-1000-1001-1001 Affected: 1002-1000-1002-1001 Unaffected: 1002-1001-1000-1000 Affected: 1002-1001-1001-1001 Affected: 1004-1002-1001-1000 Affected: 1004-1002-1003-1000-FFFF Affected: 1004V-1002V-1003V-1001V Affected: 1004Y-1002Y-1001EJ-1000Y Affected: 1004Y-1002Y-1001Y-1000Y Affected: 1005-1002-1002-1000 Affected: 1005-1002-1004-1001 Affected: 1006-1001-1003-1004 Affected: 1006-1002-1003-1000 Affected: 1006Y-1002Y-1003Y-1000Y Affected: 1007-1002-1004-1000 Affected: 1007-1003-1003-1002 Affected: 1007-1003-1005-1001 Affected: 1007E-1003E-1005EJ-1001E Affected: 1007V-1003V-1005V-1001V Affected: 1007Y-1002Y-1004Y-1000Y Affected: 1008-1002-1005-1000 Affected: 1008-1004-1003-1002 Affected: 1009-1003-1005-1006 Affected: 1009-1003-1006-1001 Affected: 1009-1007-1007-1000-FFFF Affected: 1009Y-1003Y-1006Y-1001Y Affected: 1010-1004-1007-1001 Affected: 1010-1005-1005-1002 Affected: 1011-1004-1005-1006 Affected: 1011-1005-1007-1001 Affected: 1011-1005-1007EJ-1001 Affected: 1011-1005-1008-1002 Affected: 1012-1004-1005-1006 Affected: 1012-1005-1007-1002 Affected: 1012-1006-1007-1001 Affected: 1012-1008-1009-1000-FFFF Affected: 1014-1005-1009-1002 Affected: 1014-1007-1009-1001 Affected: 1014-1010-1010-1000-FFFF Affected: 1014Y-1007Y-1009Y-1001Y Affected: 1015-1006-1010-1003 Affected: 1015-1007-1007-1007 Affected: 1015-1007-1010-1001 Affected: 1015-1010-1011-1000-FFFF Affected: 1015Y-1007Y-1010Y-1001Y Affected: 1016-1007-1005-1001 Affected: 1016-1007-1011-1001 Affected: 1016-1007-1011-1003 Affected: 1016-1008-1007-1007 Affected: 1016Y-1007Y-1011Y-1001Y Affected: 1017-1008-1012-1002 Affected: 1017-1009-1008-1008 Affected: 1017-1011-1013-1001-FFFF Affected: 1017f-1011f-1013f-1001f-FFFF Affected: 1017Y-1008Y-1012Y-1002Y Affected: 1018-1008-1012-1004 Affected: 1019-1009-1013-1003 Affected: 1019-1010-1009-1009 Affected: 1019c-1012c-1014c-1001c-FFFF Affected: 1021-1011-1010-1009 Affected: 1022-1012-1011-1009 Affected: 1022-1014-1016-1002-FFFF Affected: 1022Y-1014Y-1016Y-1002Y-FFFF Affected: 1023-1013-1011-1009 Affected: 1023-1014-1017-1002-FFFF Affected: 1025-1014-1013-1009 Affected: 1026-1014-1014-1009 Affected: 1027-1014-1015-1009 Affected: S968-S968-S968-S968 Affected: V171P-V171P-V171P-V171P Affected: V189-V189-V189-V189 |
Credits
Gergely Eberhardt (SEARCH-LAB.hu)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-34051",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-01T14:57:37.177556Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-01T14:59:04.311Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"Search.cgi endpoint",
"ip parameter",
"port parameter",
"queryb64str parameter"
],
"product": "DVR devices",
"vendor": "AVTECH",
"versions": [
{
"status": "affected",
"version": "1001-1000-1000-1000"
},
{
"status": "affected",
"version": "1001-1000-1001-1001"
},
{
"status": "affected",
"version": "1002-1000-1002-1001"
},
{
"status": "unaffected",
"version": "1002-1001-1000-1000"
},
{
"status": "affected",
"version": "1002-1001-1001-1001"
},
{
"status": "affected",
"version": "1004-1002-1001-1000"
},
{
"status": "affected",
"version": "1004-1002-1003-1000-FFFF"
},
{
"status": "affected",
"version": "1004V-1002V-1003V-1001V"
},
{
"status": "affected",
"version": "1004Y-1002Y-1001EJ-1000Y"
},
{
"status": "affected",
"version": "1004Y-1002Y-1001Y-1000Y"
},
{
"status": "affected",
"version": "1005-1002-1002-1000"
},
{
"status": "affected",
"version": "1005-1002-1004-1001"
},
{
"status": "affected",
"version": "1006-1001-1003-1004"
},
{
"status": "affected",
"version": "1006-1002-1003-1000"
},
{
"status": "affected",
"version": "1006Y-1002Y-1003Y-1000Y"
},
{
"status": "affected",
"version": "1007-1002-1004-1000"
},
{
"status": "affected",
"version": "1007-1003-1003-1002"
},
{
"status": "affected",
"version": "1007-1003-1005-1001"
},
{
"status": "affected",
"version": "1007E-1003E-1005EJ-1001E"
},
{
"status": "affected",
"version": "1007V-1003V-1005V-1001V"
},
{
"status": "affected",
"version": "1007Y-1002Y-1004Y-1000Y"
},
{
"status": "affected",
"version": "1008-1002-1005-1000"
},
{
"status": "affected",
"version": "1008-1004-1003-1002"
},
{
"status": "affected",
"version": "1009-1003-1005-1006"
},
{
"status": "affected",
"version": "1009-1003-1006-1001"
},
{
"status": "affected",
"version": "1009-1007-1007-1000-FFFF"
},
{
"status": "affected",
"version": "1009Y-1003Y-1006Y-1001Y"
},
{
"status": "affected",
"version": "1010-1004-1007-1001"
},
{
"status": "affected",
"version": "1010-1005-1005-1002"
},
{
"status": "affected",
"version": "1011-1004-1005-1006"
},
{
"status": "affected",
"version": "1011-1005-1007-1001"
},
{
"status": "affected",
"version": "1011-1005-1007EJ-1001"
},
{
"status": "affected",
"version": "1011-1005-1008-1002"
},
{
"status": "affected",
"version": "1012-1004-1005-1006"
},
{
"status": "affected",
"version": "1012-1005-1007-1002"
},
{
"status": "affected",
"version": "1012-1006-1007-1001"
},
{
"status": "affected",
"version": "1012-1008-1009-1000-FFFF"
},
{
"status": "affected",
"version": "1014-1005-1009-1002"
},
{
"status": "affected",
"version": "1014-1007-1009-1001"
},
{
"status": "affected",
"version": "1014-1010-1010-1000-FFFF"
},
{
"status": "affected",
"version": "1014Y-1007Y-1009Y-1001Y"
},
{
"status": "affected",
"version": "1015-1006-1010-1003"
},
{
"status": "affected",
"version": "1015-1007-1007-1007"
},
{
"status": "affected",
"version": "1015-1007-1010-1001"
},
{
"status": "affected",
"version": "1015-1010-1011-1000-FFFF"
},
{
"status": "affected",
"version": "1015Y-1007Y-1010Y-1001Y"
},
{
"status": "affected",
"version": "1016-1007-1005-1001"
},
{
"status": "affected",
"version": "1016-1007-1011-1001"
},
{
"status": "affected",
"version": "1016-1007-1011-1003"
},
{
"status": "affected",
"version": "1016-1008-1007-1007"
},
{
"status": "affected",
"version": "1016Y-1007Y-1011Y-1001Y"
},
{
"status": "affected",
"version": "1017-1008-1012-1002"
},
{
"status": "affected",
"version": "1017-1009-1008-1008"
},
{
"status": "affected",
"version": "1017-1011-1013-1001-FFFF"
},
{
"status": "affected",
"version": "1017f-1011f-1013f-1001f-FFFF"
},
{
"status": "affected",
"version": "1017Y-1008Y-1012Y-1002Y"
},
{
"status": "affected",
"version": "1018-1008-1012-1004"
},
{
"status": "affected",
"version": "1019-1009-1013-1003"
},
{
"status": "affected",
"version": "1019-1010-1009-1009"
},
{
"status": "affected",
"version": "1019c-1012c-1014c-1001c-FFFF"
},
{
"status": "affected",
"version": "1021-1011-1010-1009"
},
{
"status": "affected",
"version": "1022-1012-1011-1009"
},
{
"status": "affected",
"version": "1022-1014-1016-1002-FFFF"
},
{
"status": "affected",
"version": "1022Y-1014Y-1016Y-1002Y-FFFF"
},
{
"status": "affected",
"version": "1023-1013-1011-1009"
},
{
"status": "affected",
"version": "1023-1014-1017-1002-FFFF"
},
{
"status": "affected",
"version": "1025-1014-1013-1009"
},
{
"status": "affected",
"version": "1026-1014-1014-1009"
},
{
"status": "affected",
"version": "1027-1014-1015-1009"
},
{
"status": "affected",
"version": "S968-S968-S968-S968"
},
{
"status": "affected",
"version": "V171P-V171P-V171P-V171P"
},
{
"status": "affected",
"version": "V189-V189-V189-V189"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Gergely Eberhardt (SEARCH-LAB.hu)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A server-side request forgery vulnerability exists in multiple firmware versions of AVTECH DVR devices that exposes the \u003ccode\u003e/cgi-bin/nobody/Search.cgi?action=cgi_query\u003c/code\u003e endpoint without authentication. An attacker can manipulate the \u003ccode\u003eip\u003c/code\u003e, \u003ccode\u003eport\u003c/code\u003e, and \u003ccode\u003equeryb64str\u003c/code\u003e parameters to make arbitrary HTTP requests from the DVR to internal or external systems, potentially exposing sensitive data or interacting with internal services."
}
],
"value": "A server-side request forgery vulnerability exists in multiple firmware versions of AVTECH DVR devices that exposes the /cgi-bin/nobody/Search.cgi?action=cgi_query endpoint without authentication. An attacker can manipulate the ip, port, and queryb64str parameters to make arbitrary HTTP requests from the DVR to internal or external systems, potentially exposing sensitive data or interacting with internal services."
}
],
"impacts": [
{
"capecId": "CAPEC-664",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-664 Server Side Request Forgery"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:L",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918 Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-01T14:44:22.913Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/40500"
},
{
"tags": [
"product"
],
"url": "https://avtech.com/"
},
{
"tags": [
"third-party-advisory",
"technical-description"
],
"url": "https://web.archive.org/web/20240810225729/https://www.search-lab.hu/advisories/126-AVTech-devices-multiple-vulnerabilities"
},
{
"tags": [
"exploit"
],
"url": "https://web.archive.org/web/20161029201749/https://github.com/ebux/AVTECH"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://vulncheck.com/advisories/avtech-ipcamera-nvr-dvr-mulitple-vulns"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "AVTECH DVR Devices Server-Side Request Forgery",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2025-34051",
"datePublished": "2025-07-01T14:44:22.913Z",
"dateReserved": "2025-04-15T19:15:22.548Z",
"dateUpdated": "2025-07-01T14:59:04.311Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2025-34051\",\"sourceIdentifier\":\"disclosure@vulncheck.com\",\"published\":\"2025-07-01T15:15:23.467\",\"lastModified\":\"2025-07-03T15:14:12.767\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A server-side request forgery vulnerability exists in multiple firmware versions of AVTECH DVR devices that exposes the /cgi-bin/nobody/Search.cgi?action=cgi_query endpoint without authentication. An attacker can manipulate the ip, port, and queryb64str parameters to make arbitrary HTTP requests from the DVR to internal or external systems, potentially exposing sensitive data or interacting with internal services.\"},{\"lang\":\"es\",\"value\":\"Existe una vulnerabilidad de server-side request forgery en varias versiones de firmware de los dispositivos AVTECH DVR que expone el endpoint /cgi-bin/nobody/Search.cgi?action=cgi_query sin autenticaci\u00f3n. Un atacante puede manipular los par\u00e1metros IP, puerto y queryb64str para realizar solicitudes HTTP arbitrarias desde el DVR a sistemas internos o externos, lo que podr\u00eda exponer datos confidenciales o interactuar con servicios internos.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"disclosure@vulncheck.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":6.9,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"NONE\",\"vulnIntegrityImpact\":\"LOW\",\"vulnAvailabilityImpact\":\"NONE\",\"subConfidentialityImpact\":\"LOW\",\"subIntegrityImpact\":\"LOW\",\"subAvailabilityImpact\":\"LOW\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}]},\"weaknesses\":[{\"source\":\"disclosure@vulncheck.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-200\"},{\"lang\":\"en\",\"value\":\"CWE-918\"}]}],\"references\":[{\"url\":\"https://avtech.com/\",\"source\":\"disclosure@vulncheck.com\"},{\"url\":\"https://vulncheck.com/advisories/avtech-ipcamera-nvr-dvr-mulitple-vulns\",\"source\":\"disclosure@vulncheck.com\"},{\"url\":\"https://web.archive.org/web/20161029201749/https://github.com/ebux/AVTECH\",\"source\":\"disclosure@vulncheck.com\"},{\"url\":\"https://web.archive.org/web/20240810225729/https://www.search-lab.hu/advisories/126-AVTech-devices-multiple-vulnerabilities\",\"source\":\"disclosure@vulncheck.com\"},{\"url\":\"https://www.exploit-db.com/exploits/40500\",\"source\":\"disclosure@vulncheck.com\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-34051\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-07-01T14:57:37.177556Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-07-01T14:54:53.451Z\"}}], \"cna\": {\"title\": \"AVTECH DVR Devices Server-Side Request Forgery\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Gergely Eberhardt (SEARCH-LAB.hu)\"}], \"impacts\": [{\"capecId\": \"CAPEC-664\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-664 Server Side Request Forgery\"}]}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV4_0\": {\"Safety\": \"NOT_DEFINED\", \"version\": \"4.0\", \"Recovery\": \"NOT_DEFINED\", \"baseScore\": 6.9, \"Automatable\": \"NOT_DEFINED\", \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"valueDensity\": \"NOT_DEFINED\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:L\", \"providerUrgency\": \"NOT_DEFINED\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"NONE\", \"subIntegrityImpact\": \"LOW\", \"vulnIntegrityImpact\": \"LOW\", \"subAvailabilityImpact\": \"LOW\", \"vulnAvailabilityImpact\": \"NONE\", \"subConfidentialityImpact\": \"LOW\", \"vulnConfidentialityImpact\": \"NONE\", \"vulnerabilityResponseEffort\": \"NOT_DEFINED\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"AVTECH\", \"modules\": [\"Search.cgi endpoint\", \"ip parameter\", \"port parameter\", \"queryb64str parameter\"], \"product\": \"DVR devices\", \"versions\": [{\"status\": \"affected\", \"version\": \"1001-1000-1000-1000\"}, {\"status\": \"affected\", \"version\": \"1001-1000-1001-1001\"}, {\"status\": \"affected\", \"version\": \"1002-1000-1002-1001\"}, {\"status\": \"unaffected\", \"version\": \"1002-1001-1000-1000\"}, {\"status\": \"affected\", \"version\": \"1002-1001-1001-1001\"}, {\"status\": \"affected\", \"version\": \"1004-1002-1001-1000\"}, {\"status\": \"affected\", \"version\": \"1004-1002-1003-1000-FFFF\"}, {\"status\": \"affected\", \"version\": \"1004V-1002V-1003V-1001V\"}, {\"status\": \"affected\", \"version\": \"1004Y-1002Y-1001EJ-1000Y\"}, {\"status\": \"affected\", \"version\": \"1004Y-1002Y-1001Y-1000Y\"}, {\"status\": \"affected\", \"version\": \"1005-1002-1002-1000\"}, {\"status\": \"affected\", \"version\": \"1005-1002-1004-1001\"}, {\"status\": \"affected\", \"version\": \"1006-1001-1003-1004\"}, {\"status\": \"affected\", \"version\": \"1006-1002-1003-1000\"}, {\"status\": \"affected\", \"version\": \"1006Y-1002Y-1003Y-1000Y\"}, {\"status\": \"affected\", \"version\": \"1007-1002-1004-1000\"}, {\"status\": \"affected\", \"version\": \"1007-1003-1003-1002\"}, {\"status\": \"affected\", \"version\": \"1007-1003-1005-1001\"}, {\"status\": \"affected\", \"version\": \"1007E-1003E-1005EJ-1001E\"}, {\"status\": \"affected\", \"version\": \"1007V-1003V-1005V-1001V\"}, {\"status\": \"affected\", \"version\": \"1007Y-1002Y-1004Y-1000Y\"}, {\"status\": \"affected\", \"version\": \"1008-1002-1005-1000\"}, {\"status\": \"affected\", \"version\": \"1008-1004-1003-1002\"}, {\"status\": \"affected\", \"version\": \"1009-1003-1005-1006\"}, {\"status\": \"affected\", \"version\": \"1009-1003-1006-1001\"}, {\"status\": \"affected\", \"version\": \"1009-1007-1007-1000-FFFF\"}, {\"status\": \"affected\", \"version\": \"1009Y-1003Y-1006Y-1001Y\"}, {\"status\": \"affected\", \"version\": \"1010-1004-1007-1001\"}, {\"status\": \"affected\", \"version\": \"1010-1005-1005-1002\"}, {\"status\": \"affected\", \"version\": \"1011-1004-1005-1006\"}, {\"status\": \"affected\", \"version\": \"1011-1005-1007-1001\"}, {\"status\": \"affected\", \"version\": \"1011-1005-1007EJ-1001\"}, {\"status\": \"affected\", \"version\": \"1011-1005-1008-1002\"}, {\"status\": \"affected\", \"version\": \"1012-1004-1005-1006\"}, {\"status\": \"affected\", \"version\": \"1012-1005-1007-1002\"}, {\"status\": \"affected\", \"version\": \"1012-1006-1007-1001\"}, {\"status\": \"affected\", \"version\": \"1012-1008-1009-1000-FFFF\"}, {\"status\": \"affected\", \"version\": \"1014-1005-1009-1002\"}, {\"status\": \"affected\", \"version\": \"1014-1007-1009-1001\"}, {\"status\": \"affected\", \"version\": \"1014-1010-1010-1000-FFFF\"}, {\"status\": \"affected\", \"version\": \"1014Y-1007Y-1009Y-1001Y\"}, {\"status\": \"affected\", \"version\": \"1015-1006-1010-1003\"}, {\"status\": \"affected\", \"version\": \"1015-1007-1007-1007\"}, {\"status\": \"affected\", \"version\": \"1015-1007-1010-1001\"}, {\"status\": \"affected\", \"version\": \"1015-1010-1011-1000-FFFF\"}, {\"status\": \"affected\", \"version\": \"1015Y-1007Y-1010Y-1001Y\"}, {\"status\": \"affected\", \"version\": \"1016-1007-1005-1001\"}, {\"status\": \"affected\", \"version\": \"1016-1007-1011-1001\"}, {\"status\": \"affected\", \"version\": \"1016-1007-1011-1003\"}, {\"status\": \"affected\", \"version\": \"1016-1008-1007-1007\"}, {\"status\": \"affected\", \"version\": \"1016Y-1007Y-1011Y-1001Y\"}, {\"status\": \"affected\", \"version\": \"1017-1008-1012-1002\"}, {\"status\": \"affected\", \"version\": \"1017-1009-1008-1008\"}, {\"status\": \"affected\", \"version\": \"1017-1011-1013-1001-FFFF\"}, {\"status\": \"affected\", \"version\": \"1017f-1011f-1013f-1001f-FFFF\"}, {\"status\": \"affected\", \"version\": \"1017Y-1008Y-1012Y-1002Y\"}, {\"status\": \"affected\", \"version\": \"1018-1008-1012-1004\"}, {\"status\": \"affected\", \"version\": \"1019-1009-1013-1003\"}, {\"status\": \"affected\", \"version\": \"1019-1010-1009-1009\"}, {\"status\": \"affected\", \"version\": \"1019c-1012c-1014c-1001c-FFFF\"}, {\"status\": \"affected\", \"version\": \"1021-1011-1010-1009\"}, {\"status\": \"affected\", \"version\": \"1022-1012-1011-1009\"}, {\"status\": \"affected\", \"version\": \"1022-1014-1016-1002-FFFF\"}, {\"status\": \"affected\", \"version\": \"1022Y-1014Y-1016Y-1002Y-FFFF\"}, {\"status\": \"affected\", \"version\": \"1023-1013-1011-1009\"}, {\"status\": \"affected\", \"version\": \"1023-1014-1017-1002-FFFF\"}, {\"status\": \"affected\", \"version\": \"1025-1014-1013-1009\"}, {\"status\": \"affected\", \"version\": \"1026-1014-1014-1009\"}, {\"status\": \"affected\", \"version\": \"1027-1014-1015-1009\"}, {\"status\": \"affected\", \"version\": \"S968-S968-S968-S968\"}, {\"status\": \"affected\", \"version\": \"V171P-V171P-V171P-V171P\"}, {\"status\": \"affected\", \"version\": \"V189-V189-V189-V189\"}], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://www.exploit-db.com/exploits/40500\", \"tags\": [\"exploit\"]}, {\"url\": \"https://avtech.com/\", \"tags\": [\"product\"]}, {\"url\": \"https://web.archive.org/web/20240810225729/https://www.search-lab.hu/advisories/126-AVTech-devices-multiple-vulnerabilities\", \"tags\": [\"third-party-advisory\", \"technical-description\"]}, {\"url\": \"https://web.archive.org/web/20161029201749/https://github.com/ebux/AVTECH\", \"tags\": [\"exploit\"]}, {\"url\": \"https://vulncheck.com/advisories/avtech-ipcamera-nvr-dvr-mulitple-vulns\", \"tags\": [\"third-party-advisory\"]}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"A server-side request forgery vulnerability exists in multiple firmware versions of AVTECH DVR devices that exposes the /cgi-bin/nobody/Search.cgi?action=cgi_query endpoint without authentication. An attacker can manipulate the ip, port, and queryb64str parameters to make arbitrary HTTP requests from the DVR to internal or external systems, potentially exposing sensitive data or interacting with internal services.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"A server-side request forgery vulnerability exists in multiple firmware versions of AVTECH DVR devices that exposes the \u003ccode\u003e/cgi-bin/nobody/Search.cgi?action=cgi_query\u003c/code\u003e endpoint without authentication. An attacker can manipulate the \u003ccode\u003eip\u003c/code\u003e, \u003ccode\u003eport\u003c/code\u003e, and \u003ccode\u003equeryb64str\u003c/code\u003e parameters to make arbitrary HTTP requests from the DVR to internal or external systems, potentially exposing sensitive data or interacting with internal services.\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-918\", \"description\": \"CWE-918 Server-Side Request Forgery (SSRF)\"}]}, {\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-200\", \"description\": \"CWE-200 Exposure of Sensitive Information to an Unauthorized Actor\"}]}], \"providerMetadata\": {\"orgId\": \"83251b91-4cc7-4094-a5c7-464a1b83ea10\", \"shortName\": \"VulnCheck\", \"dateUpdated\": \"2025-07-01T14:44:22.913Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2025-34051\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-07-01T14:59:04.311Z\", \"dateReserved\": \"2025-04-15T19:15:22.548Z\", \"assignerOrgId\": \"83251b91-4cc7-4094-a5c7-464a1b83ea10\", \"datePublished\": \"2025-07-01T14:44:22.913Z\", \"assignerShortName\": \"VulnCheck\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…