CVE-2025-34055 (GCVE-0-2025-34055)
Vulnerability from cvelistv5 – Published: 2025-07-01 14:46 – Updated: 2025-07-01 18:33
VLAI?
Title
AVTECH IP camera, DVR, and NVR Devices Authenticated Root Command Execution
Summary
An OS command injection vulnerability exists in AVTECH DVR, NVR, and IP camera devices within the adcommand.cgi endpoint, which interfaces with the ActionD daemon. Authenticated users can invoke the DoShellCmd operation, passing arbitrary input via the strCmd parameter. This input is executed directly by the system shell without sanitation allowing attackers to execute commands as the root user.
Severity ?
CWE
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| AVTECH | IP camera, DVR, and NVR Devices |
Affected:
1001-1000-1000-1000
Affected: 1002-1000-1000-1000 Affected: 1002-1001-1001-1001 Affected: 1003-1000-1001-1000 Affected: 1003-1001-1001-1000 Affected: 1003-1001-1001-1001 Affected: 1004-1000-1000-1000 Affected: 1004-1001-1001-1001 Affected: 1004-1001-1002-1000 Affected: 1004-1002-1001-1000 Affected: 1004V-1002V-1003V-1001V Affected: 1004Y-1002Y-1001EJ-1000Y Affected: 1005-1001-1002-1000 Affected: 1005-1002-1001-1002 Affected: 1005-1002-1002-1000 Affected: 1005-1002-1004-1001 Affected: 1006-1001-1003-1000 Affected: 1006-1001-1003-1003 Affected: 1006-1002-1001-1002 Affected: 1006-1002-1003-1000 Affected: 1006R-1002R-1001R-1002R Affected: 1007-1001-1003-1000 Affected: 1007-1001-1003-1003 Affected: 1007-1002-1004-1000 Affected: 1007-1003-1005-1001 Affected: 1007E-1003E-1005EJ-1001E Affected: 1007V-1003V-1005V-1001V Affected: 1008-1001-1001-1001 Affected: 1008-1002-1002-1003 Affected: 1008-1002-1005-1000 Affected: 1008-1003-1005-1003 Affected: 1008-1004-1003-1002 Affected: 1009-1001-1002-1001 Affected: 1009-1001-1004-1000 Affected: 1009-1003-1006-1001 Affected: 1009-1004-1005-1006 Affected: 1009-1004-1006-1003 Affected: 1009Y-1003Y-1006Y-1001Y Affected: 1010-1001-1003-1001 Affected: 1010-1001-1004-1005 Affected: 1010-1002-1005-1000 Affected: 1010-1004-1007-1001 Affected: 1010-1005-1005-1002 Affected: 1011-1002-1004-1001 Affected: 1011-1002-1006-1000 Affected: 1011-1005-1007EJ-1001 Affected: 1011-1005-1008-1002 Affected: 1012-1002-1004-1001 Affected: 1012-1002-1006-1005 Affected: 1012-1002-1007-1004 Affected: 1012-1003-1001-1005 Affected: 1012-1003-1005-1005 Affected: 1012-1004-1008-1008 Affected: 1012-1008-1009-1000-FFFF Affected: 1013-1002-1006-1005 Affected: 1013-1003-1005-1001 Affected: 1013-1004-1008-1003 Affected: 1013-1004-1008-1008 Affected: 1014-1002-1007-1004 Affected: 1014-1003-1006-1001 Affected: 1014-1003-1006PL-1001 Affected: 1014-1003-1007-1001 Affected: 1014-1004-1008-1008 Affected: 1014-1005-1009-1002 Affected: 1014-1007-1009-1001 Affected: 1014L-1002L-1006L-1005L Affected: 1015-1006-1004-1002 Affected: 1015-1006-1005-1002 Affected: 1015-1006-1008-1002 Affected: 1015-1006-1008-1007 Affected: 1015-1006-1010-1003 Affected: 1015-1007-1007-1007 Affected: 1015K-1006K-1008PO-1002K Affected: 1015Y-1007Y-1010Y-1001Y Affected: 1016-1003-1007-1001 Affected: 1016-1004-1009-1009 Affected: 1016-1006-1008-1007 Affected: 1016-1007-1005-1001 Affected: 1016-1007-1009-1003 Affected: 1016-1007-1011-1001 Affected: 1016-1007-1011-1003 Affected: 1016-1008-1007-1007 Affected: 1016Y-1007Y-1011Y-1001Y Affected: 1017-1002-1008-1005 Affected: 1017-1003-1007-1002 Affected: 1017-1003-1008-1006 Affected: 1017-1008-1012-1002 Affected: 1017-1011-1013-1001-FFFF Affected: 1017k-1003k-1008k-1006k Affected: 1017Y-1008Y-1012Y-1002Y Affected: 1018-1003-1005-1004 Affected: 1018-1003-1007-1002 Affected: 1018-1003-1008-1003 Affected: 1018-1003-1008-1004 Affected: 1018-1003-1008PO-1003 Affected: 1018-1006-1009-1007 Affected: 1018-1007-1009-1003 Affected: 1018-1008-1012-1004 Affected: 1019-1003-1007-1002 Affected: 1019-1003-1008-1001 Affected: 1019-1004-1009-1007 Affected: 1019-1007-1009-1003 Affected: 1019-1009-1013-1003 Affected: 1019-1010-1009-1009 Affected: 1019c-1012c-1014c-1001c-FFFF Affected: 1020-1003-1008-1003 Affected: 1020-1003-1008-1004 Affected: 1020-1003-1010-1006 Affected: 1020-1004-1009-1007 Affected: 1020-1005-1011-1010 Affected: 1020-1005-1012-1007 Affected: 1020-1007-1008-1003 Affected: 1020-1007-1009-1003 Affected: 1021-1003-1008-1003 Affected: 1021-1003-1008-1004 Affected: 1021-1005-1011-1010 Affected: 1021-1007-1010-1003 Affected: 1021L-1003L-1010L-1006L Affected: 1021r-1004r-1009r-1007r Affected: 1022-1003-1008-1002 Affected: 1022-1004-1009-1007 Affected: 1022-1007-1012-1007 Affected: 1022-1012-1011-1009 Affected: 1022-1014-1016-1002-FFFF Affected: 1022L-1004L-1011L-1006L Affected: 1022L-1005L-1011L-1010L Affected: 1022Y-1014Y-1016Y-1002Y-FFFF Affected: 1023-1004-1010-1007 Affected: 1023-1014-1017-1002-FFFF Affected: 1025-1006-1013-1011 Affected: 1025-1008-1013-1008 Affected: 1025-1014-1013-1009 Affected: 1027-1008-1012-1008 Affected: 1027-1008-1013-1008 Affected: 1027-1014-1015-1009 Affected: 1027L-1006L-1015L-1009L Affected: 1028-1007-1014-1012 Affected: 1029-1007-1014-1008 Affected: 1030-1007-1014-1012 Affected: 1030-1008-1014-1008 Affected: 1031-1007-1015-1012 Affected: 1032-1007-1015-1008 Affected: 1032k-1007k-1015k-1008k Affected: 1036r-1008r-1016r-1009r Affected: 1037-1008-1017-1009 Affected: S749-S749-S749-S749 Affected: S820-S820-S820-S820 Affected: S823-S823-S823-S823 Affected: S855-S855-S855-S855 Affected: S914V-S914V-S914V-S914V Affected: S968-S968-S968-S968 Affected: S984-S984-S984-S984 Affected: T717-T717-T717-T717 |
Credits
Gergely Eberhardt (SEARCH-LAB.hu)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-34055",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-01T18:33:10.541355Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-01T18:33:20.804Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"cgi-bin/supervisor/adcommand.cgi",
"strCmd within DoShellCmd"
],
"product": "IP camera, DVR, and NVR Devices",
"vendor": "AVTECH",
"versions": [
{
"status": "affected",
"version": "1001-1000-1000-1000"
},
{
"status": "affected",
"version": "1002-1000-1000-1000"
},
{
"status": "affected",
"version": "1002-1001-1001-1001"
},
{
"status": "affected",
"version": "1003-1000-1001-1000"
},
{
"status": "affected",
"version": "1003-1001-1001-1000"
},
{
"status": "affected",
"version": "1003-1001-1001-1001"
},
{
"status": "affected",
"version": "1004-1000-1000-1000"
},
{
"status": "affected",
"version": "1004-1001-1001-1001"
},
{
"status": "affected",
"version": "1004-1001-1002-1000"
},
{
"status": "affected",
"version": "1004-1002-1001-1000"
},
{
"status": "affected",
"version": "1004V-1002V-1003V-1001V"
},
{
"status": "affected",
"version": "1004Y-1002Y-1001EJ-1000Y"
},
{
"status": "affected",
"version": "1005-1001-1002-1000"
},
{
"status": "affected",
"version": "1005-1002-1001-1002"
},
{
"status": "affected",
"version": "1005-1002-1002-1000"
},
{
"status": "affected",
"version": "1005-1002-1004-1001"
},
{
"status": "affected",
"version": "1006-1001-1003-1000"
},
{
"status": "affected",
"version": "1006-1001-1003-1003"
},
{
"status": "affected",
"version": "1006-1002-1001-1002"
},
{
"status": "affected",
"version": "1006-1002-1003-1000"
},
{
"status": "affected",
"version": "1006R-1002R-1001R-1002R"
},
{
"status": "affected",
"version": "1007-1001-1003-1000"
},
{
"status": "affected",
"version": "1007-1001-1003-1003"
},
{
"status": "affected",
"version": "1007-1002-1004-1000"
},
{
"status": "affected",
"version": "1007-1003-1005-1001"
},
{
"status": "affected",
"version": "1007E-1003E-1005EJ-1001E"
},
{
"status": "affected",
"version": "1007V-1003V-1005V-1001V"
},
{
"status": "affected",
"version": "1008-1001-1001-1001"
},
{
"status": "affected",
"version": "1008-1002-1002-1003"
},
{
"status": "affected",
"version": "1008-1002-1005-1000"
},
{
"status": "affected",
"version": "1008-1003-1005-1003"
},
{
"status": "affected",
"version": "1008-1004-1003-1002"
},
{
"status": "affected",
"version": "1009-1001-1002-1001"
},
{
"status": "affected",
"version": "1009-1001-1004-1000"
},
{
"status": "affected",
"version": "1009-1003-1006-1001"
},
{
"status": "affected",
"version": "1009-1004-1005-1006"
},
{
"status": "affected",
"version": "1009-1004-1006-1003"
},
{
"status": "affected",
"version": "1009Y-1003Y-1006Y-1001Y"
},
{
"status": "affected",
"version": "1010-1001-1003-1001"
},
{
"status": "affected",
"version": "1010-1001-1004-1005"
},
{
"status": "affected",
"version": "1010-1002-1005-1000"
},
{
"status": "affected",
"version": "1010-1004-1007-1001"
},
{
"status": "affected",
"version": "1010-1005-1005-1002"
},
{
"status": "affected",
"version": "1011-1002-1004-1001"
},
{
"status": "affected",
"version": "1011-1002-1006-1000"
},
{
"status": "affected",
"version": "1011-1005-1007EJ-1001"
},
{
"status": "affected",
"version": "1011-1005-1008-1002"
},
{
"status": "affected",
"version": "1012-1002-1004-1001"
},
{
"status": "affected",
"version": "1012-1002-1006-1005"
},
{
"status": "affected",
"version": "1012-1002-1007-1004"
},
{
"status": "affected",
"version": "1012-1003-1001-1005"
},
{
"status": "affected",
"version": "1012-1003-1005-1005"
},
{
"status": "affected",
"version": "1012-1004-1008-1008"
},
{
"status": "affected",
"version": "1012-1008-1009-1000-FFFF"
},
{
"status": "affected",
"version": "1013-1002-1006-1005"
},
{
"status": "affected",
"version": "1013-1003-1005-1001"
},
{
"status": "affected",
"version": "1013-1004-1008-1003"
},
{
"status": "affected",
"version": "1013-1004-1008-1008"
},
{
"status": "affected",
"version": "1014-1002-1007-1004"
},
{
"status": "affected",
"version": "1014-1003-1006-1001"
},
{
"status": "affected",
"version": "1014-1003-1006PL-1001"
},
{
"status": "affected",
"version": "1014-1003-1007-1001"
},
{
"status": "affected",
"version": "1014-1004-1008-1008"
},
{
"status": "affected",
"version": "1014-1005-1009-1002"
},
{
"status": "affected",
"version": "1014-1007-1009-1001"
},
{
"status": "affected",
"version": "1014L-1002L-1006L-1005L"
},
{
"status": "affected",
"version": "1015-1006-1004-1002"
},
{
"status": "affected",
"version": "1015-1006-1005-1002"
},
{
"status": "affected",
"version": "1015-1006-1008-1002"
},
{
"status": "affected",
"version": "1015-1006-1008-1007"
},
{
"status": "affected",
"version": "1015-1006-1010-1003"
},
{
"status": "affected",
"version": "1015-1007-1007-1007"
},
{
"status": "affected",
"version": "1015K-1006K-1008PO-1002K"
},
{
"status": "affected",
"version": "1015Y-1007Y-1010Y-1001Y"
},
{
"status": "affected",
"version": "1016-1003-1007-1001"
},
{
"status": "affected",
"version": "1016-1004-1009-1009"
},
{
"status": "affected",
"version": "1016-1006-1008-1007"
},
{
"status": "affected",
"version": "1016-1007-1005-1001"
},
{
"status": "affected",
"version": "1016-1007-1009-1003"
},
{
"status": "affected",
"version": "1016-1007-1011-1001"
},
{
"status": "affected",
"version": "1016-1007-1011-1003"
},
{
"status": "affected",
"version": "1016-1008-1007-1007"
},
{
"status": "affected",
"version": "1016Y-1007Y-1011Y-1001Y"
},
{
"status": "affected",
"version": "1017-1002-1008-1005"
},
{
"status": "affected",
"version": "1017-1003-1007-1002"
},
{
"status": "affected",
"version": "1017-1003-1008-1006"
},
{
"status": "affected",
"version": "1017-1008-1012-1002"
},
{
"status": "affected",
"version": "1017-1011-1013-1001-FFFF"
},
{
"status": "affected",
"version": "1017k-1003k-1008k-1006k"
},
{
"status": "affected",
"version": "1017Y-1008Y-1012Y-1002Y"
},
{
"status": "affected",
"version": "1018-1003-1005-1004"
},
{
"status": "affected",
"version": "1018-1003-1007-1002"
},
{
"status": "affected",
"version": "1018-1003-1008-1003"
},
{
"status": "affected",
"version": "1018-1003-1008-1004"
},
{
"status": "affected",
"version": "1018-1003-1008PO-1003"
},
{
"status": "affected",
"version": "1018-1006-1009-1007"
},
{
"status": "affected",
"version": "1018-1007-1009-1003"
},
{
"status": "affected",
"version": "1018-1008-1012-1004"
},
{
"status": "affected",
"version": "1019-1003-1007-1002"
},
{
"status": "affected",
"version": "1019-1003-1008-1001"
},
{
"status": "affected",
"version": "1019-1004-1009-1007"
},
{
"status": "affected",
"version": "1019-1007-1009-1003"
},
{
"status": "affected",
"version": "1019-1009-1013-1003"
},
{
"status": "affected",
"version": "1019-1010-1009-1009"
},
{
"status": "affected",
"version": "1019c-1012c-1014c-1001c-FFFF"
},
{
"status": "affected",
"version": "1020-1003-1008-1003"
},
{
"status": "affected",
"version": "1020-1003-1008-1004"
},
{
"status": "affected",
"version": "1020-1003-1010-1006"
},
{
"status": "affected",
"version": "1020-1004-1009-1007"
},
{
"status": "affected",
"version": "1020-1005-1011-1010"
},
{
"status": "affected",
"version": "1020-1005-1012-1007"
},
{
"status": "affected",
"version": "1020-1007-1008-1003"
},
{
"status": "affected",
"version": "1020-1007-1009-1003"
},
{
"status": "affected",
"version": "1021-1003-1008-1003"
},
{
"status": "affected",
"version": "1021-1003-1008-1004"
},
{
"status": "affected",
"version": "1021-1005-1011-1010"
},
{
"status": "affected",
"version": "1021-1007-1010-1003"
},
{
"status": "affected",
"version": "1021L-1003L-1010L-1006L"
},
{
"status": "affected",
"version": "1021r-1004r-1009r-1007r"
},
{
"status": "affected",
"version": "1022-1003-1008-1002"
},
{
"status": "affected",
"version": "1022-1004-1009-1007"
},
{
"status": "affected",
"version": "1022-1007-1012-1007"
},
{
"status": "affected",
"version": "1022-1012-1011-1009"
},
{
"status": "affected",
"version": "1022-1014-1016-1002-FFFF"
},
{
"status": "affected",
"version": "1022L-1004L-1011L-1006L"
},
{
"status": "affected",
"version": "1022L-1005L-1011L-1010L"
},
{
"status": "affected",
"version": "1022Y-1014Y-1016Y-1002Y-FFFF"
},
{
"status": "affected",
"version": "1023-1004-1010-1007"
},
{
"status": "affected",
"version": "1023-1014-1017-1002-FFFF"
},
{
"status": "affected",
"version": "1025-1006-1013-1011"
},
{
"status": "affected",
"version": "1025-1008-1013-1008"
},
{
"status": "affected",
"version": "1025-1014-1013-1009"
},
{
"status": "affected",
"version": "1027-1008-1012-1008"
},
{
"status": "affected",
"version": "1027-1008-1013-1008"
},
{
"status": "affected",
"version": "1027-1014-1015-1009"
},
{
"status": "affected",
"version": "1027L-1006L-1015L-1009L"
},
{
"status": "affected",
"version": "1028-1007-1014-1012"
},
{
"status": "affected",
"version": "1029-1007-1014-1008"
},
{
"status": "affected",
"version": "1030-1007-1014-1012"
},
{
"status": "affected",
"version": "1030-1008-1014-1008"
},
{
"status": "affected",
"version": "1031-1007-1015-1012"
},
{
"status": "affected",
"version": "1032-1007-1015-1008"
},
{
"status": "affected",
"version": "1032k-1007k-1015k-1008k"
},
{
"status": "affected",
"version": "1036r-1008r-1016r-1009r"
},
{
"status": "affected",
"version": "1037-1008-1017-1009"
},
{
"status": "affected",
"version": "S749-S749-S749-S749"
},
{
"status": "affected",
"version": "S820-S820-S820-S820"
},
{
"status": "affected",
"version": "S823-S823-S823-S823"
},
{
"status": "affected",
"version": "S855-S855-S855-S855"
},
{
"status": "affected",
"version": "S914V-S914V-S914V-S914V"
},
{
"status": "affected",
"version": "S968-S968-S968-S968"
},
{
"status": "affected",
"version": "S984-S984-S984-S984"
},
{
"status": "affected",
"version": "T717-T717-T717-T717"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Gergely Eberhardt (SEARCH-LAB.hu)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An OS command injection vulnerability exists in AVTECH DVR, NVR, and IP camera devices within the \u003ccode\u003eadcommand.cgi\u003c/code\u003e endpoint, which interfaces with the ActionD daemon. Authenticated users can invoke the \u003ccode\u003eDoShellCmd\u003c/code\u003e operation, passing arbitrary input via the \u003ccode\u003estrCmd\u003c/code\u003e parameter. This input is executed directly by the system shell without sanitation allowing attackers to execute commands as the root user."
}
],
"value": "An OS command injection vulnerability exists in AVTECH DVR, NVR, and IP camera devices within the adcommand.cgi endpoint, which interfaces with the ActionD daemon. Authenticated users can invoke the DoShellCmd operation, passing arbitrary input via the strCmd parameter. This input is executed directly by the system shell without sanitation allowing attackers to execute commands as the root user."
}
],
"impacts": [
{
"capecId": "CAPEC-88",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-88 OS Command Injection"
}
]
},
{
"capecId": "CAPEC-137",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-137 Parameter Injection"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.4,
"baseSeverity": "CRITICAL",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-01T14:46:38.848Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/40500"
},
{
"tags": [
"product"
],
"url": "https://avtech.com/"
},
{
"tags": [
"third-party-advisory",
"technical-description"
],
"url": "https://web.archive.org/web/20240810225729/https://www.search-lab.hu/advisories/126-AVTech-devices-multiple-vulnerabilities"
},
{
"tags": [
"exploit"
],
"url": "https://web.archive.org/web/20161029201749/https://github.com/ebux/AVTECH"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://vulncheck.com/advisories/avtech-ipcamera-nvr-dvr-mulitple-vulns"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "AVTECH IP camera, DVR, and NVR Devices Authenticated Root Command Execution",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2025-34055",
"datePublished": "2025-07-01T14:46:38.848Z",
"dateReserved": "2025-04-15T19:15:22.548Z",
"dateUpdated": "2025-07-01T18:33:20.804Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2025-34055\",\"sourceIdentifier\":\"disclosure@vulncheck.com\",\"published\":\"2025-07-01T15:15:24.053\",\"lastModified\":\"2025-07-03T15:14:12.767\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An OS command injection vulnerability exists in AVTECH DVR, NVR, and IP camera devices within the adcommand.cgi endpoint, which interfaces with the ActionD daemon. Authenticated users can invoke the DoShellCmd operation, passing arbitrary input via the strCmd parameter. This input is executed directly by the system shell without sanitation allowing attackers to execute commands as the root user.\"},{\"lang\":\"es\",\"value\":\"Existe una vulnerabilidad de inyecci\u00f3n de comandos del sistema operativo en los dispositivos AVTECH DVR, NVR, e IP camera dentro del endpoint adcommand.cgi, que interact\u00faa con el daemon ActionD. Los usuarios autenticados pueden invocar la operaci\u00f3n DoShellCmd, pasando una entrada arbitraria mediante el par\u00e1metro strCmd. Esta entrada es ejecutada directamente por el shell del sistema sin sanear, lo que permite a los atacantes ejecutar comandos como usuario root.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"disclosure@vulncheck.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":9.4,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"HIGH\",\"vulnIntegrityImpact\":\"HIGH\",\"vulnAvailabilityImpact\":\"HIGH\",\"subConfidentialityImpact\":\"HIGH\",\"subIntegrityImpact\":\"HIGH\",\"subAvailabilityImpact\":\"HIGH\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}]},\"weaknesses\":[{\"source\":\"disclosure@vulncheck.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"},{\"lang\":\"en\",\"value\":\"CWE-78\"}]}],\"references\":[{\"url\":\"https://avtech.com/\",\"source\":\"disclosure@vulncheck.com\"},{\"url\":\"https://vulncheck.com/advisories/avtech-ipcamera-nvr-dvr-mulitple-vulns\",\"source\":\"disclosure@vulncheck.com\"},{\"url\":\"https://web.archive.org/web/20161029201749/https://github.com/ebux/AVTECH\",\"source\":\"disclosure@vulncheck.com\"},{\"url\":\"https://web.archive.org/web/20240810225729/https://www.search-lab.hu/advisories/126-AVTech-devices-multiple-vulnerabilities\",\"source\":\"disclosure@vulncheck.com\"},{\"url\":\"https://www.exploit-db.com/exploits/40500\",\"source\":\"disclosure@vulncheck.com\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-34055\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-07-01T18:33:10.541355Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-07-01T18:33:17.019Z\"}}], \"cna\": {\"title\": \"AVTECH IP camera, DVR, and NVR Devices Authenticated Root Command Execution\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Gergely Eberhardt (SEARCH-LAB.hu)\"}], \"impacts\": [{\"capecId\": \"CAPEC-88\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-88 OS Command Injection\"}]}, {\"capecId\": \"CAPEC-137\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-137 Parameter Injection\"}]}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV4_0\": {\"Safety\": \"NOT_DEFINED\", \"version\": \"4.0\", \"Recovery\": \"NOT_DEFINED\", \"baseScore\": 9.4, \"Automatable\": \"NOT_DEFINED\", \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"valueDensity\": \"NOT_DEFINED\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H\", \"providerUrgency\": \"NOT_DEFINED\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"LOW\", \"subIntegrityImpact\": \"HIGH\", \"vulnIntegrityImpact\": \"HIGH\", \"subAvailabilityImpact\": \"HIGH\", \"vulnAvailabilityImpact\": \"HIGH\", \"subConfidentialityImpact\": \"HIGH\", \"vulnConfidentialityImpact\": \"HIGH\", \"vulnerabilityResponseEffort\": \"NOT_DEFINED\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"AVTECH\", \"modules\": [\"cgi-bin/supervisor/adcommand.cgi\", \"strCmd within DoShellCmd\"], \"product\": \"IP camera, DVR, and NVR Devices\", \"versions\": [{\"status\": \"affected\", \"version\": \"1001-1000-1000-1000\"}, {\"status\": \"affected\", \"version\": \"1002-1000-1000-1000\"}, {\"status\": \"affected\", \"version\": \"1002-1001-1001-1001\"}, {\"status\": \"affected\", \"version\": \"1003-1000-1001-1000\"}, {\"status\": \"affected\", \"version\": \"1003-1001-1001-1000\"}, {\"status\": \"affected\", \"version\": \"1003-1001-1001-1001\"}, {\"status\": \"affected\", \"version\": \"1004-1000-1000-1000\"}, {\"status\": \"affected\", \"version\": \"1004-1001-1001-1001\"}, {\"status\": \"affected\", \"version\": \"1004-1001-1002-1000\"}, {\"status\": \"affected\", \"version\": \"1004-1002-1001-1000\"}, {\"status\": \"affected\", \"version\": \"1004V-1002V-1003V-1001V\"}, {\"status\": \"affected\", \"version\": \"1004Y-1002Y-1001EJ-1000Y\"}, {\"status\": \"affected\", \"version\": \"1005-1001-1002-1000\"}, {\"status\": \"affected\", \"version\": \"1005-1002-1001-1002\"}, {\"status\": \"affected\", \"version\": \"1005-1002-1002-1000\"}, {\"status\": \"affected\", \"version\": \"1005-1002-1004-1001\"}, {\"status\": \"affected\", \"version\": \"1006-1001-1003-1000\"}, {\"status\": \"affected\", \"version\": \"1006-1001-1003-1003\"}, {\"status\": \"affected\", \"version\": \"1006-1002-1001-1002\"}, {\"status\": \"affected\", \"version\": \"1006-1002-1003-1000\"}, {\"status\": \"affected\", \"version\": \"1006R-1002R-1001R-1002R\"}, {\"status\": \"affected\", \"version\": \"1007-1001-1003-1000\"}, {\"status\": \"affected\", \"version\": \"1007-1001-1003-1003\"}, {\"status\": \"affected\", \"version\": \"1007-1002-1004-1000\"}, {\"status\": \"affected\", \"version\": \"1007-1003-1005-1001\"}, {\"status\": \"affected\", \"version\": \"1007E-1003E-1005EJ-1001E\"}, {\"status\": \"affected\", \"version\": \"1007V-1003V-1005V-1001V\"}, {\"status\": \"affected\", \"version\": \"1008-1001-1001-1001\"}, {\"status\": \"affected\", \"version\": \"1008-1002-1002-1003\"}, {\"status\": \"affected\", \"version\": \"1008-1002-1005-1000\"}, {\"status\": \"affected\", \"version\": \"1008-1003-1005-1003\"}, {\"status\": \"affected\", \"version\": \"1008-1004-1003-1002\"}, {\"status\": \"affected\", \"version\": \"1009-1001-1002-1001\"}, {\"status\": \"affected\", \"version\": \"1009-1001-1004-1000\"}, {\"status\": \"affected\", \"version\": \"1009-1003-1006-1001\"}, {\"status\": \"affected\", \"version\": \"1009-1004-1005-1006\"}, {\"status\": \"affected\", \"version\": \"1009-1004-1006-1003\"}, {\"status\": \"affected\", \"version\": \"1009Y-1003Y-1006Y-1001Y\"}, {\"status\": \"affected\", \"version\": \"1010-1001-1003-1001\"}, {\"status\": \"affected\", \"version\": \"1010-1001-1004-1005\"}, {\"status\": \"affected\", \"version\": \"1010-1002-1005-1000\"}, {\"status\": \"affected\", \"version\": \"1010-1004-1007-1001\"}, {\"status\": \"affected\", \"version\": \"1010-1005-1005-1002\"}, {\"status\": \"affected\", \"version\": \"1011-1002-1004-1001\"}, {\"status\": \"affected\", \"version\": \"1011-1002-1006-1000\"}, {\"status\": \"affected\", \"version\": \"1011-1005-1007EJ-1001\"}, {\"status\": \"affected\", \"version\": \"1011-1005-1008-1002\"}, {\"status\": \"affected\", \"version\": \"1012-1002-1004-1001\"}, {\"status\": \"affected\", \"version\": \"1012-1002-1006-1005\"}, {\"status\": \"affected\", \"version\": \"1012-1002-1007-1004\"}, {\"status\": \"affected\", \"version\": \"1012-1003-1001-1005\"}, {\"status\": \"affected\", \"version\": \"1012-1003-1005-1005\"}, {\"status\": \"affected\", \"version\": \"1012-1004-1008-1008\"}, {\"status\": \"affected\", \"version\": \"1012-1008-1009-1000-FFFF\"}, {\"status\": \"affected\", \"version\": \"1013-1002-1006-1005\"}, {\"status\": \"affected\", \"version\": \"1013-1003-1005-1001\"}, {\"status\": \"affected\", \"version\": \"1013-1004-1008-1003\"}, {\"status\": \"affected\", \"version\": \"1013-1004-1008-1008\"}, {\"status\": \"affected\", \"version\": \"1014-1002-1007-1004\"}, {\"status\": \"affected\", \"version\": \"1014-1003-1006-1001\"}, {\"status\": \"affected\", \"version\": \"1014-1003-1006PL-1001\"}, {\"status\": \"affected\", \"version\": \"1014-1003-1007-1001\"}, {\"status\": \"affected\", \"version\": \"1014-1004-1008-1008\"}, {\"status\": \"affected\", \"version\": \"1014-1005-1009-1002\"}, {\"status\": \"affected\", \"version\": \"1014-1007-1009-1001\"}, {\"status\": \"affected\", \"version\": \"1014L-1002L-1006L-1005L\"}, {\"status\": \"affected\", \"version\": \"1015-1006-1004-1002\"}, {\"status\": \"affected\", \"version\": \"1015-1006-1005-1002\"}, {\"status\": \"affected\", \"version\": \"1015-1006-1008-1002\"}, {\"status\": \"affected\", \"version\": \"1015-1006-1008-1007\"}, {\"status\": \"affected\", \"version\": \"1015-1006-1010-1003\"}, {\"status\": \"affected\", \"version\": \"1015-1007-1007-1007\"}, {\"status\": \"affected\", \"version\": \"1015K-1006K-1008PO-1002K\"}, {\"status\": \"affected\", \"version\": \"1015Y-1007Y-1010Y-1001Y\"}, {\"status\": \"affected\", \"version\": \"1016-1003-1007-1001\"}, {\"status\": \"affected\", \"version\": \"1016-1004-1009-1009\"}, {\"status\": \"affected\", \"version\": \"1016-1006-1008-1007\"}, {\"status\": \"affected\", \"version\": \"1016-1007-1005-1001\"}, {\"status\": \"affected\", \"version\": \"1016-1007-1009-1003\"}, {\"status\": \"affected\", \"version\": \"1016-1007-1011-1001\"}, {\"status\": \"affected\", \"version\": \"1016-1007-1011-1003\"}, {\"status\": \"affected\", \"version\": \"1016-1008-1007-1007\"}, {\"status\": \"affected\", \"version\": \"1016Y-1007Y-1011Y-1001Y\"}, {\"status\": \"affected\", \"version\": \"1017-1002-1008-1005\"}, {\"status\": \"affected\", \"version\": \"1017-1003-1007-1002\"}, {\"status\": \"affected\", \"version\": \"1017-1003-1008-1006\"}, {\"status\": \"affected\", \"version\": \"1017-1008-1012-1002\"}, {\"status\": \"affected\", \"version\": \"1017-1011-1013-1001-FFFF\"}, {\"status\": \"affected\", \"version\": \"1017k-1003k-1008k-1006k\"}, {\"status\": \"affected\", \"version\": \"1017Y-1008Y-1012Y-1002Y\"}, {\"status\": \"affected\", \"version\": \"1018-1003-1005-1004\"}, {\"status\": \"affected\", \"version\": \"1018-1003-1007-1002\"}, {\"status\": \"affected\", \"version\": \"1018-1003-1008-1003\"}, {\"status\": \"affected\", \"version\": \"1018-1003-1008-1004\"}, {\"status\": \"affected\", \"version\": \"1018-1003-1008PO-1003\"}, {\"status\": \"affected\", \"version\": \"1018-1006-1009-1007\"}, {\"status\": \"affected\", \"version\": \"1018-1007-1009-1003\"}, {\"status\": \"affected\", \"version\": \"1018-1008-1012-1004\"}, {\"status\": \"affected\", \"version\": \"1019-1003-1007-1002\"}, {\"status\": \"affected\", \"version\": \"1019-1003-1008-1001\"}, {\"status\": \"affected\", \"version\": \"1019-1004-1009-1007\"}, {\"status\": \"affected\", \"version\": \"1019-1007-1009-1003\"}, {\"status\": \"affected\", \"version\": \"1019-1009-1013-1003\"}, {\"status\": \"affected\", \"version\": \"1019-1010-1009-1009\"}, {\"status\": \"affected\", \"version\": \"1019c-1012c-1014c-1001c-FFFF\"}, {\"status\": \"affected\", \"version\": \"1020-1003-1008-1003\"}, {\"status\": \"affected\", \"version\": \"1020-1003-1008-1004\"}, {\"status\": \"affected\", \"version\": \"1020-1003-1010-1006\"}, {\"status\": \"affected\", \"version\": \"1020-1004-1009-1007\"}, {\"status\": \"affected\", \"version\": \"1020-1005-1011-1010\"}, {\"status\": \"affected\", \"version\": \"1020-1005-1012-1007\"}, {\"status\": \"affected\", \"version\": \"1020-1007-1008-1003\"}, {\"status\": \"affected\", \"version\": \"1020-1007-1009-1003\"}, {\"status\": \"affected\", \"version\": \"1021-1003-1008-1003\"}, {\"status\": \"affected\", \"version\": \"1021-1003-1008-1004\"}, {\"status\": \"affected\", \"version\": \"1021-1005-1011-1010\"}, {\"status\": \"affected\", \"version\": \"1021-1007-1010-1003\"}, {\"status\": \"affected\", \"version\": \"1021L-1003L-1010L-1006L\"}, {\"status\": \"affected\", \"version\": \"1021r-1004r-1009r-1007r\"}, {\"status\": \"affected\", \"version\": \"1022-1003-1008-1002\"}, {\"status\": \"affected\", \"version\": \"1022-1004-1009-1007\"}, {\"status\": \"affected\", \"version\": \"1022-1007-1012-1007\"}, {\"status\": \"affected\", \"version\": \"1022-1012-1011-1009\"}, {\"status\": \"affected\", \"version\": \"1022-1014-1016-1002-FFFF\"}, {\"status\": \"affected\", \"version\": \"1022L-1004L-1011L-1006L\"}, {\"status\": \"affected\", \"version\": \"1022L-1005L-1011L-1010L\"}, {\"status\": \"affected\", \"version\": \"1022Y-1014Y-1016Y-1002Y-FFFF\"}, {\"status\": \"affected\", \"version\": \"1023-1004-1010-1007\"}, {\"status\": \"affected\", \"version\": \"1023-1014-1017-1002-FFFF\"}, {\"status\": \"affected\", \"version\": \"1025-1006-1013-1011\"}, {\"status\": \"affected\", \"version\": \"1025-1008-1013-1008\"}, {\"status\": \"affected\", \"version\": \"1025-1014-1013-1009\"}, {\"status\": \"affected\", \"version\": \"1027-1008-1012-1008\"}, {\"status\": \"affected\", \"version\": \"1027-1008-1013-1008\"}, {\"status\": \"affected\", \"version\": \"1027-1014-1015-1009\"}, {\"status\": \"affected\", \"version\": \"1027L-1006L-1015L-1009L\"}, {\"status\": \"affected\", \"version\": \"1028-1007-1014-1012\"}, {\"status\": \"affected\", \"version\": \"1029-1007-1014-1008\"}, {\"status\": \"affected\", \"version\": \"1030-1007-1014-1012\"}, {\"status\": \"affected\", \"version\": \"1030-1008-1014-1008\"}, {\"status\": \"affected\", \"version\": \"1031-1007-1015-1012\"}, {\"status\": \"affected\", \"version\": \"1032-1007-1015-1008\"}, {\"status\": \"affected\", \"version\": \"1032k-1007k-1015k-1008k\"}, {\"status\": \"affected\", \"version\": \"1036r-1008r-1016r-1009r\"}, {\"status\": \"affected\", \"version\": \"1037-1008-1017-1009\"}, {\"status\": \"affected\", \"version\": \"S749-S749-S749-S749\"}, {\"status\": \"affected\", \"version\": \"S820-S820-S820-S820\"}, {\"status\": \"affected\", \"version\": \"S823-S823-S823-S823\"}, {\"status\": \"affected\", \"version\": \"S855-S855-S855-S855\"}, {\"status\": \"affected\", \"version\": \"S914V-S914V-S914V-S914V\"}, {\"status\": \"affected\", \"version\": \"S968-S968-S968-S968\"}, {\"status\": \"affected\", \"version\": \"S984-S984-S984-S984\"}, {\"status\": \"affected\", \"version\": \"T717-T717-T717-T717\"}], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://www.exploit-db.com/exploits/40500\", \"tags\": [\"exploit\"]}, {\"url\": \"https://avtech.com/\", \"tags\": [\"product\"]}, {\"url\": \"https://web.archive.org/web/20240810225729/https://www.search-lab.hu/advisories/126-AVTech-devices-multiple-vulnerabilities\", \"tags\": [\"third-party-advisory\", \"technical-description\"]}, {\"url\": \"https://web.archive.org/web/20161029201749/https://github.com/ebux/AVTECH\", \"tags\": [\"exploit\"]}, {\"url\": \"https://vulncheck.com/advisories/avtech-ipcamera-nvr-dvr-mulitple-vulns\", \"tags\": [\"third-party-advisory\"]}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"An OS command injection vulnerability exists in AVTECH DVR, NVR, and IP camera devices within the adcommand.cgi endpoint, which interfaces with the ActionD daemon. Authenticated users can invoke the DoShellCmd operation, passing arbitrary input via the strCmd parameter. This input is executed directly by the system shell without sanitation allowing attackers to execute commands as the root user.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"An OS command injection vulnerability exists in AVTECH DVR, NVR, and IP camera devices within the \u003ccode\u003eadcommand.cgi\u003c/code\u003e endpoint, which interfaces with the ActionD daemon. Authenticated users can invoke the \u003ccode\u003eDoShellCmd\u003c/code\u003e operation, passing arbitrary input via the \u003ccode\u003estrCmd\u003c/code\u003e parameter. This input is executed directly by the system shell without sanitation allowing attackers to execute commands as the root user.\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-78\", \"description\": \"CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)\"}]}, {\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-20\", \"description\": \"CWE-20 Improper Input Validation\"}]}], \"providerMetadata\": {\"orgId\": \"83251b91-4cc7-4094-a5c7-464a1b83ea10\", \"shortName\": \"VulnCheck\", \"dateUpdated\": \"2025-07-01T14:46:38.848Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2025-34055\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-07-01T18:33:20.804Z\", \"dateReserved\": \"2025-04-15T19:15:22.548Z\", \"assignerOrgId\": \"83251b91-4cc7-4094-a5c7-464a1b83ea10\", \"datePublished\": \"2025-07-01T14:46:38.848Z\", \"assignerShortName\": \"VulnCheck\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…