Vulnerabilites related to AVTECH - IP camera, DVR, and NVR Devices
CVE-2025-34053 (GCVE-0-2025-34053)
Vulnerability from cvelistv5
Published
2025-07-01 14:45
Modified
2025-07-01 18:46
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-290 - Authentication Bypass by Spoofing
Summary
An authentication bypass vulnerability exists in AVTECH IP camera, DVR, and NVR devices’ streamd web server. The strstr() function is used to identify ".cab" requests, allowing any URL containing ".cab" to bypass authentication and access protected endpoints.
References
| ► | URL | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| AVTECH | IP camera, DVR, and NVR devices |
Version: 1000-1000-1000-1000 Version: 1000C-1000C-1000C-1000C Version: 1001-1000-1000-1000 Version: 1001-1001-1000-1000 Version: 1002-1000-1000-1000 Version: 1002-1002-1000-1002 Version: 1002D-1000D-1000D-1000D Version: 1003-1000-1000-1001 Version: 1003-1001-1001-1000 Version: 1003-1002-1001-1000 Version: 1004-1000-1000-1000 Version: 1004-1001-1001-1001 Version: 1004-1003-1001-1002 Version: 1004-1003-1002-1001 Version: 1004A-1001A-1002A-1000A Version: 1005-1002-1001-1002 Version: 1005-1003-1001-1002 Version: 1005-1004-1002-1001 Version: 1005A-1001A-1002A-1001A Version: 1005D-1001D-1002D-1001D Version: 1006-1002-1001-1002 Version: 1006-1004-1003-1001 Version: 1007-1001-1003-1001 Version: 1007-1001-1004-1003 Version: 1007-1002-1001-1003 Version: 1007-1002-1003-1002 Version: 1007-1004-1003-1001 Version: 1008-1001-1003-1002 Version: 1008-1004-1004-1001 Version: 1008D-1003D-1004D-1002D Version: 1008J-1004J-1004J-1001J Version: 1009-1001-1004-1001 Version: 1009-1002-1005-1003 Version: 1009-1003-1005-1002 Version: 1010-1001-1004-1001 Version: 1010-1001-1004-1002 Version: 1010-1003-1005-1002 Version: 1010-1003-1006-1003 Version: 1010-1003-1006-1004 Version: 1010-1004-1007-1001 Version: 1010J-1001J-1004J-1001J Version: 1010N-1003N-1005N-1002N Version: 1011-1001-1002A-1002 Version: 1011-1001-1002D-1002 Version: 1011-1001-1003-1002 Version: 1011-1001-1004-1002 Version: 1011-1001-1005-1002 Version: 1011-1004-1005-1002 Version: 1012-1001-1005-1002 Version: 1012-1001-1005-1003 Version: 1012-1001-1005PO-1002 Version: 1012-1003-1007-1002 Version: 1012-1003-1007-1004 Version: 1013-1001-1005-1003 Version: 1013-1002-1006-1002 Version: 1013-1003-1008-1003 Version: 1013-1004-1008-1004 Version: 1013-1005-1005-1002 Version: 1013-1005-1007-1002 Version: 1013K-1005K-1007PO-1002K Version: 1014-1002-1006-1002 Version: 1014-1002-1006-1003 Version: 1014-1003-1008-1003 Version: 1014-1005-1008-1002 Version: 1014B-1002B-1006B-1002B Version: 1015-1001-1006-1003 Version: 1015-1002-1006-1003 Version: 1015-1002-1007-1002 Version: 1015-1003-1008-1003 Version: 1015-1005-1009-1004 Version: 1015-1006-1004-1002 Version: 1015-1006-1005-1002 Version: 1015-1006-1008-1002 Version: 1015C-1004C-1003C-1005C Version: 1015K-1006K-1008PO-1002K Version: 1016-1002-1007-1002 Version: 1016-1006-1013-1002 Version: 1016-1007-1009-1003 Version: 1016-1007-1011-1003 Version: 1017-1002-1007-1003 Version: 1017-1003-1007-1003 Version: 1017-1003-1009-1003 Version: 1017-1005-1004-1005 Version: 1017-1006-1013-1002 Version: 1017-1013-1014-1005 Version: 1018-1003-1005-1004 Version: 1018-1003-1008-1003 Version: 1018-1003-1008-1004 Version: 1018-1003-1008PO-1003 Version: 1018-1004-1005-1005 Version: 1018-1007-1009-1003 Version: 1018-1012-1011-1010 Version: 1019-1004-1006-1005 Version: 1019-1007-1009-1003 Version: 1020-1003-1008-1003 Version: 1020-1003-1008-1004 Version: 1020-1004-1007-1006 Version: 1020-1007-1008-1003 Version: 1020-1007-1009-1003 Version: 1021-1003-1008-1003 Version: 1021-1003-1008-1004 Version: 1021-1005-1006-1005 Version: 1021-1005-1008-1006 Version: 1021-1006-1015-1002 Version: 1021-1007-1010-1003 Version: 1022-1005-1007-1005 Version: 1022-1005-1009-1007 Version: 1022-1006-1015-1002 Version: 1022-1013-1014-1010 Version: 1022-1014-1016-1002-FFFF Version: 1022Y-1014Y-1016Y-1002Y-FFFF Version: 1023-1005-1008-1006 Version: 1023-1007-1016-1003 Version: 1024-1019-1019-1007 Version: 1025-1006-1010-1007 Version: 1025-1017-1017-1011 Version: 1027-1007-1019-1003 Version: 1027-1021-1021-1008 Version: 1028-1021-1022-1008 Version: 1031-1007-1022-1003 Version: 1032-1022-1024-1008 Version: 1033-1018-1021-1012 Version: 1035-1005-1005-1004 Version: 1035-1005-1005-1005 Version: 1035-1005-1005-1005P Version: 1035-1007-1024-1003 Version: 1035-1024-1025-1008 Version: 1036-1005-1006-1005 Version: 1036-1007-1024-1003 Version: 1036-1014-1016-1016 Version: 1037-1024-1027-1008 Version: 1037-1025-1027-1008 Version: 1038-1021-1024-1012 Version: 1038-1021-1024-1012-A5 Version: 1038-1025-1028-1008 Version: 1039-1005-1008-1004 Version: 1039-1005-1008-1005 Version: 1039-1014-1017-1016 Version: 1039D-1014D-1017D-1016D Version: 1040-1026-1029-1008 Version: 1041-1005-1009-1005 Version: 1042-1026-1030-1008 Version: 1044-1026-1030-1008 Version: 1044-1026-1031-1008 Version: 1045-1015-1020-1018 Version: 1046-1027-1032-1008 Version: 1047-1027-1031-1008 Version: 1049-1027-1033-1008 Version: 1050-1027-1034-1008 Version: 1050-1027-1036-1008 Version: 1051-1027-1035-1008 Version: 1051CZ-1028-1037-1008 Version: 1052-1027-1034-1008 Version: 1052-1028-1038-1008 Version: 1052A-1028-1038A-1008 Version: 1054-1027-1036-1008 Version: 1054-1028-1036-1008 Version: 1055-1028-1036-1008 Version: 1056-1028-1037-1008 Version: 1058-1028-1039-1008 Version: 1062-1028-1041-1008 Version: 1065-1029-1043-1008 Version: 1068-1029-1043-1008 Version: 1069-1029-1043-1008 Version: 1071-1029-1044-1008 Version: 1077-1017-1035-1007 Version: 1077-1017-1035-1007-A6 Version: 1077-1017-1035-1007-D4 Version: 1077-1017-1035-1007-D705FF Version: 1078-1017-1036-1007 Version: 1078-1017-1036-1007-A6 Version: 1078-1017-1036-1007-D707FF Version: 1079-1017-1037-1007 Version: 1079-1017-1037-1007-D4 Version: 1W77-1W17-1W35-1W07-A6 Version: A077-1017-A035-1007 Version: A077-1017-A035-1007-A6 Version: A1035-1024-A1025-1008 Version: A1038-1025-A1028-1008-D4 Version: S681-S681-S681-S681 Version: S749-S749-S749-S749 Version: S818-S818-S818-S818 Version: S820-S820-S820-S820 Version: S823-S823-S823-S823 Version: S914V-S914V-S914V-S914V Version: S984-S984-S984-S984 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-34053",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-01T18:46:03.365792Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-01T18:46:09.474Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"streamd web server",
"request URL parameter"
],
"product": "IP camera, DVR, and NVR devices",
"vendor": "AVTECH",
"versions": [
{
"status": "affected",
"version": "1000-1000-1000-1000"
},
{
"status": "affected",
"version": "1000C-1000C-1000C-1000C"
},
{
"status": "affected",
"version": "1001-1000-1000-1000"
},
{
"status": "affected",
"version": "1001-1001-1000-1000"
},
{
"status": "affected",
"version": "1002-1000-1000-1000"
},
{
"status": "affected",
"version": "1002-1002-1000-1002"
},
{
"status": "affected",
"version": "1002D-1000D-1000D-1000D"
},
{
"status": "affected",
"version": "1003-1000-1000-1001"
},
{
"status": "affected",
"version": "1003-1001-1001-1000"
},
{
"status": "affected",
"version": "1003-1002-1001-1000"
},
{
"status": "affected",
"version": "1004-1000-1000-1000"
},
{
"status": "affected",
"version": "1004-1001-1001-1001"
},
{
"status": "affected",
"version": "1004-1003-1001-1002"
},
{
"status": "affected",
"version": "1004-1003-1002-1001"
},
{
"status": "affected",
"version": "1004A-1001A-1002A-1000A"
},
{
"status": "affected",
"version": "1005-1002-1001-1002"
},
{
"status": "affected",
"version": "1005-1003-1001-1002"
},
{
"status": "affected",
"version": "1005-1004-1002-1001"
},
{
"status": "affected",
"version": "1005A-1001A-1002A-1001A"
},
{
"status": "affected",
"version": "1005D-1001D-1002D-1001D"
},
{
"status": "affected",
"version": "1006-1002-1001-1002"
},
{
"status": "affected",
"version": "1006-1004-1003-1001"
},
{
"status": "affected",
"version": "1007-1001-1003-1001"
},
{
"status": "affected",
"version": "1007-1001-1004-1003"
},
{
"status": "affected",
"version": "1007-1002-1001-1003"
},
{
"status": "affected",
"version": "1007-1002-1003-1002"
},
{
"status": "affected",
"version": "1007-1004-1003-1001"
},
{
"status": "affected",
"version": "1008-1001-1003-1002"
},
{
"status": "affected",
"version": "1008-1004-1004-1001"
},
{
"status": "affected",
"version": "1008D-1003D-1004D-1002D"
},
{
"status": "affected",
"version": "1008J-1004J-1004J-1001J"
},
{
"status": "affected",
"version": "1009-1001-1004-1001"
},
{
"status": "affected",
"version": "1009-1002-1005-1003"
},
{
"status": "affected",
"version": "1009-1003-1005-1002"
},
{
"status": "affected",
"version": "1010-1001-1004-1001"
},
{
"status": "affected",
"version": "1010-1001-1004-1002"
},
{
"status": "affected",
"version": "1010-1003-1005-1002"
},
{
"status": "affected",
"version": "1010-1003-1006-1003"
},
{
"status": "affected",
"version": "1010-1003-1006-1004"
},
{
"status": "affected",
"version": "1010-1004-1007-1001"
},
{
"status": "affected",
"version": "1010J-1001J-1004J-1001J"
},
{
"status": "affected",
"version": "1010N-1003N-1005N-1002N"
},
{
"status": "affected",
"version": "1011-1001-1002A-1002"
},
{
"status": "affected",
"version": "1011-1001-1002D-1002"
},
{
"status": "affected",
"version": "1011-1001-1003-1002"
},
{
"status": "affected",
"version": "1011-1001-1004-1002"
},
{
"status": "affected",
"version": "1011-1001-1005-1002"
},
{
"status": "affected",
"version": "1011-1004-1005-1002"
},
{
"status": "affected",
"version": "1012-1001-1005-1002"
},
{
"status": "affected",
"version": "1012-1001-1005-1003"
},
{
"status": "affected",
"version": "1012-1001-1005PO-1002"
},
{
"status": "affected",
"version": "1012-1003-1007-1002"
},
{
"status": "affected",
"version": "1012-1003-1007-1004"
},
{
"status": "affected",
"version": "1013-1001-1005-1003"
},
{
"status": "affected",
"version": "1013-1002-1006-1002"
},
{
"status": "affected",
"version": "1013-1003-1008-1003"
},
{
"status": "affected",
"version": "1013-1004-1008-1004"
},
{
"status": "affected",
"version": "1013-1005-1005-1002"
},
{
"status": "affected",
"version": "1013-1005-1007-1002"
},
{
"status": "affected",
"version": "1013K-1005K-1007PO-1002K"
},
{
"status": "affected",
"version": "1014-1002-1006-1002"
},
{
"status": "affected",
"version": "1014-1002-1006-1003"
},
{
"status": "affected",
"version": "1014-1003-1008-1003"
},
{
"status": "affected",
"version": "1014-1005-1008-1002"
},
{
"status": "affected",
"version": "1014B-1002B-1006B-1002B"
},
{
"status": "affected",
"version": "1015-1001-1006-1003"
},
{
"status": "affected",
"version": "1015-1002-1006-1003"
},
{
"status": "affected",
"version": "1015-1002-1007-1002"
},
{
"status": "affected",
"version": "1015-1003-1008-1003"
},
{
"status": "affected",
"version": "1015-1005-1009-1004"
},
{
"status": "affected",
"version": "1015-1006-1004-1002"
},
{
"status": "affected",
"version": "1015-1006-1005-1002"
},
{
"status": "affected",
"version": "1015-1006-1008-1002"
},
{
"status": "affected",
"version": "1015C-1004C-1003C-1005C"
},
{
"status": "affected",
"version": "1015K-1006K-1008PO-1002K"
},
{
"status": "affected",
"version": "1016-1002-1007-1002"
},
{
"status": "affected",
"version": "1016-1006-1013-1002"
},
{
"status": "affected",
"version": "1016-1007-1009-1003"
},
{
"status": "affected",
"version": "1016-1007-1011-1003"
},
{
"status": "affected",
"version": "1017-1002-1007-1003"
},
{
"status": "affected",
"version": "1017-1003-1007-1003"
},
{
"status": "affected",
"version": "1017-1003-1009-1003"
},
{
"status": "affected",
"version": "1017-1005-1004-1005"
},
{
"status": "affected",
"version": "1017-1006-1013-1002"
},
{
"status": "affected",
"version": "1017-1013-1014-1005"
},
{
"status": "affected",
"version": "1018-1003-1005-1004"
},
{
"status": "affected",
"version": "1018-1003-1008-1003"
},
{
"status": "affected",
"version": "1018-1003-1008-1004"
},
{
"status": "affected",
"version": "1018-1003-1008PO-1003"
},
{
"status": "affected",
"version": "1018-1004-1005-1005"
},
{
"status": "affected",
"version": "1018-1007-1009-1003"
},
{
"status": "affected",
"version": "1018-1012-1011-1010"
},
{
"status": "affected",
"version": "1019-1004-1006-1005"
},
{
"status": "affected",
"version": "1019-1007-1009-1003"
},
{
"status": "affected",
"version": "1020-1003-1008-1003"
},
{
"status": "affected",
"version": "1020-1003-1008-1004"
},
{
"status": "affected",
"version": "1020-1004-1007-1006"
},
{
"status": "affected",
"version": "1020-1007-1008-1003"
},
{
"status": "affected",
"version": "1020-1007-1009-1003"
},
{
"status": "affected",
"version": "1021-1003-1008-1003"
},
{
"status": "affected",
"version": "1021-1003-1008-1004"
},
{
"status": "affected",
"version": "1021-1005-1006-1005"
},
{
"status": "affected",
"version": "1021-1005-1008-1006"
},
{
"status": "affected",
"version": "1021-1006-1015-1002"
},
{
"status": "affected",
"version": "1021-1007-1010-1003"
},
{
"status": "affected",
"version": "1022-1005-1007-1005"
},
{
"status": "affected",
"version": "1022-1005-1009-1007"
},
{
"status": "affected",
"version": "1022-1006-1015-1002"
},
{
"status": "affected",
"version": "1022-1013-1014-1010"
},
{
"status": "affected",
"version": "1022-1014-1016-1002-FFFF"
},
{
"status": "affected",
"version": "1022Y-1014Y-1016Y-1002Y-FFFF"
},
{
"status": "affected",
"version": "1023-1005-1008-1006"
},
{
"status": "affected",
"version": "1023-1007-1016-1003"
},
{
"status": "affected",
"version": "1024-1019-1019-1007"
},
{
"status": "affected",
"version": "1025-1006-1010-1007"
},
{
"status": "affected",
"version": "1025-1017-1017-1011"
},
{
"status": "affected",
"version": "1027-1007-1019-1003"
},
{
"status": "affected",
"version": "1027-1021-1021-1008"
},
{
"status": "affected",
"version": "1028-1021-1022-1008"
},
{
"status": "affected",
"version": "1031-1007-1022-1003"
},
{
"status": "affected",
"version": "1032-1022-1024-1008"
},
{
"status": "affected",
"version": "1033-1018-1021-1012"
},
{
"status": "affected",
"version": "1035-1005-1005-1004"
},
{
"status": "affected",
"version": "1035-1005-1005-1005"
},
{
"status": "affected",
"version": "1035-1005-1005-1005P"
},
{
"status": "affected",
"version": "1035-1007-1024-1003"
},
{
"status": "affected",
"version": "1035-1024-1025-1008"
},
{
"status": "affected",
"version": "1036-1005-1006-1005"
},
{
"status": "affected",
"version": "1036-1007-1024-1003"
},
{
"status": "affected",
"version": "1036-1014-1016-1016"
},
{
"status": "affected",
"version": "1037-1024-1027-1008"
},
{
"status": "affected",
"version": "1037-1025-1027-1008"
},
{
"status": "affected",
"version": "1038-1021-1024-1012"
},
{
"status": "affected",
"version": "1038-1021-1024-1012-A5"
},
{
"status": "affected",
"version": "1038-1025-1028-1008"
},
{
"status": "affected",
"version": "1039-1005-1008-1004"
},
{
"status": "affected",
"version": "1039-1005-1008-1005"
},
{
"status": "affected",
"version": "1039-1014-1017-1016"
},
{
"status": "affected",
"version": "1039D-1014D-1017D-1016D"
},
{
"status": "affected",
"version": "1040-1026-1029-1008"
},
{
"status": "affected",
"version": "1041-1005-1009-1005"
},
{
"status": "affected",
"version": "1042-1026-1030-1008"
},
{
"status": "affected",
"version": "1044-1026-1030-1008"
},
{
"status": "affected",
"version": "1044-1026-1031-1008"
},
{
"status": "affected",
"version": "1045-1015-1020-1018"
},
{
"status": "affected",
"version": "1046-1027-1032-1008"
},
{
"status": "affected",
"version": "1047-1027-1031-1008"
},
{
"status": "affected",
"version": "1049-1027-1033-1008"
},
{
"status": "affected",
"version": "1050-1027-1034-1008"
},
{
"status": "affected",
"version": "1050-1027-1036-1008"
},
{
"status": "affected",
"version": "1051-1027-1035-1008"
},
{
"status": "affected",
"version": "1051CZ-1028-1037-1008"
},
{
"status": "affected",
"version": "1052-1027-1034-1008"
},
{
"status": "affected",
"version": "1052-1028-1038-1008"
},
{
"status": "affected",
"version": "1052A-1028-1038A-1008"
},
{
"status": "affected",
"version": "1054-1027-1036-1008"
},
{
"status": "affected",
"version": "1054-1028-1036-1008"
},
{
"status": "affected",
"version": "1055-1028-1036-1008"
},
{
"status": "affected",
"version": "1056-1028-1037-1008"
},
{
"status": "affected",
"version": "1058-1028-1039-1008"
},
{
"status": "affected",
"version": "1062-1028-1041-1008"
},
{
"status": "affected",
"version": "1065-1029-1043-1008"
},
{
"status": "affected",
"version": "1068-1029-1043-1008"
},
{
"status": "affected",
"version": "1069-1029-1043-1008"
},
{
"status": "affected",
"version": "1071-1029-1044-1008"
},
{
"status": "affected",
"version": "1077-1017-1035-1007"
},
{
"status": "affected",
"version": "1077-1017-1035-1007-A6"
},
{
"status": "affected",
"version": "1077-1017-1035-1007-D4"
},
{
"status": "affected",
"version": "1077-1017-1035-1007-D705FF"
},
{
"status": "affected",
"version": "1078-1017-1036-1007"
},
{
"status": "affected",
"version": "1078-1017-1036-1007-A6"
},
{
"status": "affected",
"version": "1078-1017-1036-1007-D707FF"
},
{
"status": "affected",
"version": "1079-1017-1037-1007"
},
{
"status": "affected",
"version": "1079-1017-1037-1007-D4"
},
{
"status": "affected",
"version": "1W77-1W17-1W35-1W07-A6"
},
{
"status": "affected",
"version": "A077-1017-A035-1007"
},
{
"status": "affected",
"version": "A077-1017-A035-1007-A6"
},
{
"status": "affected",
"version": "A1035-1024-A1025-1008"
},
{
"status": "affected",
"version": "A1038-1025-A1028-1008-D4"
},
{
"status": "affected",
"version": "S681-S681-S681-S681"
},
{
"status": "affected",
"version": "S749-S749-S749-S749"
},
{
"status": "affected",
"version": "S818-S818-S818-S818"
},
{
"status": "affected",
"version": "S820-S820-S820-S820"
},
{
"status": "affected",
"version": "S823-S823-S823-S823"
},
{
"status": "affected",
"version": "S914V-S914V-S914V-S914V"
},
{
"status": "affected",
"version": "S984-S984-S984-S984"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Gergely Eberhardt (SEARCH-LAB.hu)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An authentication bypass vulnerability exists in AVTECH IP camera, DVR, and NVR devices\u2019 streamd web server. The strstr() function is used to identify \".cab\" requests, allowing any URL containing \".cab\" to bypass authentication and access protected endpoints."
}
],
"value": "An authentication bypass vulnerability exists in AVTECH IP camera, DVR, and NVR devices\u2019 streamd web server. The strstr() function is used to identify \".cab\" requests, allowing any URL containing \".cab\" to bypass authentication and access protected endpoints."
}
],
"impacts": [
{
"capecId": "CAPEC-115",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-115 Authentication Bypass"
}
]
},
{
"capecId": "CAPEC-137",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-137 Parameter Injection"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-290",
"description": "CWE-290 Authentication Bypass by Spoofing",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-01T14:45:02.858Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/40500"
},
{
"tags": [
"product"
],
"url": "https://avtech.com/"
},
{
"tags": [
"third-party-advisory",
"technical-description"
],
"url": "https://web.archive.org/web/20240810225729/https://www.search-lab.hu/advisories/126-AVTech-devices-multiple-vulnerabilities"
},
{
"tags": [
"exploit"
],
"url": "https://web.archive.org/web/20161029201749/https://github.com/ebux/AVTECH"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://vulncheck.com/advisories/avtech-ipcamera-nvr-dvr-mulitple-vulns"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "AVTECH IP camera, DVR, and NVR Devices Authentication Bypass via .cab Path Manipulation",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2025-34053",
"datePublished": "2025-07-01T14:45:02.858Z",
"dateReserved": "2025-04-15T19:15:22.548Z",
"dateUpdated": "2025-07-01T18:46:09.474Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-34054 (GCVE-0-2025-34054)
Vulnerability from cvelistv5
Published
2025-07-01 14:46
Modified
2025-11-17 21:23
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Summary
An unauthenticated command injection vulnerability exists in AVTECH DVR devices via Search.cgi?action=cgi_query. The use of wget without input sanitization allows attackers to inject shell commands through the username or queryb64str parameters, executing commands as root. Exploitation evidence was observed by the Shadowserver Foundation on 2025-03-07 UTC.
References
| ► | URL | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| AVTECH | IP camera, DVR, and NVR Devices |
Version: 1008-1002-1005-1000 Version: 1009-1003-1006-1001 Version: 1009Y-1003Y-1006Y-1001Y Version: 1010-1004-1007-1001 Version: 1011-1005-1008-1002 Version: 1014-1005-1009-1002 Version: 1015-1006-1010-1003 Version: 1016-1007-1011-1003 Version: 1017-1008-1012-1002 Version: 1017Y-1008Y-1012Y-1002Y Version: 1018-1008-1012-1004 Version: 1019-1009-1013-1003 Version: 1019c-1012c-1014c-1001c-FFFF Version: 1022-1014-1016-1002-FFFF Version: 1022Y-1014Y-1016Y-1002Y-FFFF Version: 1023-1014-1017-1002-FFFF |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-34054",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-01T18:46:33.820743Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-01T18:46:40.272Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"Search.cgi",
"username parameter",
"queryb64str"
],
"product": "IP camera, DVR, and NVR Devices",
"vendor": "AVTECH",
"versions": [
{
"status": "affected",
"version": "1008-1002-1005-1000"
},
{
"status": "affected",
"version": "1009-1003-1006-1001"
},
{
"status": "affected",
"version": "1009Y-1003Y-1006Y-1001Y"
},
{
"status": "affected",
"version": "1010-1004-1007-1001"
},
{
"status": "affected",
"version": "1011-1005-1008-1002"
},
{
"status": "affected",
"version": "1014-1005-1009-1002"
},
{
"status": "affected",
"version": "1015-1006-1010-1003"
},
{
"status": "affected",
"version": "1016-1007-1011-1003"
},
{
"status": "affected",
"version": "1017-1008-1012-1002"
},
{
"status": "affected",
"version": "1017Y-1008Y-1012Y-1002Y"
},
{
"status": "affected",
"version": "1018-1008-1012-1004"
},
{
"status": "affected",
"version": "1019-1009-1013-1003"
},
{
"status": "affected",
"version": "1019c-1012c-1014c-1001c-FFFF"
},
{
"status": "affected",
"version": "1022-1014-1016-1002-FFFF"
},
{
"status": "affected",
"version": "1022Y-1014Y-1016Y-1002Y-FFFF"
},
{
"status": "affected",
"version": "1023-1014-1017-1002-FFFF"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Gergely Eberhardt (SEARCH-LAB.hu)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An unauthenticated command injection vulnerability exists in AVTECH DVR devices via Search.cgi?action=cgi_query. The use of wget without input sanitization allows attackers to inject shell commands through the username or queryb64str parameters, executing commands as root.\u0026nbsp;Exploitation evidence was observed by the Shadowserver Foundation on 2025-03-07 UTC."
}
],
"value": "An unauthenticated command injection vulnerability exists in AVTECH DVR devices via Search.cgi?action=cgi_query. The use of wget without input sanitization allows attackers to inject shell commands through the username or queryb64str parameters, executing commands as root.\u00a0Exploitation evidence was observed by the Shadowserver Foundation on 2025-03-07 UTC."
}
],
"impacts": [
{
"capecId": "CAPEC-88",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-88 OS Command Injection"
}
]
},
{
"capecId": "CAPEC-137",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-137 Parameter Injection"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-17T21:23:54.440Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/40500"
},
{
"tags": [
"product"
],
"url": "https://avtech.com/"
},
{
"tags": [
"third-party-advisory",
"technical-description"
],
"url": "https://web.archive.org/web/20240810225729/https://www.search-lab.hu/advisories/126-AVTech-devices-multiple-vulnerabilities"
},
{
"tags": [
"exploit"
],
"url": "https://web.archive.org/web/20161029201749/https://github.com/ebux/AVTECH"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://vulncheck.com/advisories/avtech-ipcamera-nvr-dvr-mulitple-vulns"
}
],
"source": {
"discovery": "UNKNOWN"
},
"tags": [
"x_known-exploited-vulnerability"
],
"title": "AVTECH IP camera, DVR, and NVR Devices Unauthenticated Command Injection",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2025-34054",
"datePublished": "2025-07-01T14:46:00.832Z",
"dateReserved": "2025-04-15T19:15:22.548Z",
"dateUpdated": "2025-11-17T21:23:54.440Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-34056 (GCVE-0-2025-34056)
Vulnerability from cvelistv5
Published
2025-07-01 14:46
Modified
2025-07-01 18:34
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
An OS command injection vulnerability exists in AVTECH IP camera, DVR, and NVR devices via the PwdGrp.cgi endpoint, which handles user and group management operations. Authenticated users can supply input through the pwd or grp parameters, which are directly embedded into system commands without proper sanitation. This allows for the execution of arbitrary shell commands with root privileges.
References
| ► | URL | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| AVTECH | IP camera, DVR, and NVR Devices |
Version: 0 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-34056",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-01T18:34:24.733333Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-01T18:34:41.482Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"PwdGrp.cgi user/group configuration handler",
"pwd parameter",
"grp parameter"
],
"product": "IP camera, DVR, and NVR Devices",
"vendor": "AVTECH",
"versions": [
{
"status": "affected",
"version": "0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Gergely Eberhardt (SEARCH-LAB.hu)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An OS command injection vulnerability exists in AVTECH IP camera, DVR, and NVR devices via the \u003ccode\u003ePwdGrp.cgi\u003c/code\u003e endpoint, which handles user and group management operations. Authenticated users can supply input through the \u003ccode\u003epwd\u003c/code\u003e or \u003ccode\u003egrp\u003c/code\u003e parameters, which are directly embedded into system commands without proper sanitation. This allows for the execution of arbitrary shell commands with root privileges."
}
],
"value": "An OS command injection vulnerability exists in AVTECH IP camera, DVR, and NVR devices via the PwdGrp.cgi endpoint, which handles user and group management operations. Authenticated users can supply input through the pwd or grp parameters, which are directly embedded into system commands without proper sanitation. This allows for the execution of arbitrary shell commands with root privileges."
}
],
"impacts": [
{
"capecId": "CAPEC-88",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-88 OS Command Injection"
}
]
},
{
"capecId": "CAPEC-137",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-137 Parameter Injection"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.4,
"baseSeverity": "CRITICAL",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-01T14:46:52.800Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/40500"
},
{
"tags": [
"product"
],
"url": "https://avtech.com/"
},
{
"tags": [
"third-party-advisory",
"technical-description"
],
"url": "https://web.archive.org/web/20240810225729/https://www.search-lab.hu/advisories/126-AVTech-devices-multiple-vulnerabilities"
},
{
"tags": [
"exploit"
],
"url": "https://web.archive.org/web/20161029201749/https://github.com/ebux/AVTECH"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://vulncheck.com/advisories/avtech-ipcamera-nvr-dvr-mulitple-vulns"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "AVTECH IP camera, DVR, and NVR Devices Authenticated Root Command Execution",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2025-34056",
"datePublished": "2025-07-01T14:46:52.800Z",
"dateReserved": "2025-04-15T19:15:22.549Z",
"dateUpdated": "2025-07-01T18:34:41.482Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-34055 (GCVE-0-2025-34055)
Vulnerability from cvelistv5
Published
2025-07-01 14:46
Modified
2025-07-01 18:33
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
An OS command injection vulnerability exists in AVTECH DVR, NVR, and IP camera devices within the adcommand.cgi endpoint, which interfaces with the ActionD daemon. Authenticated users can invoke the DoShellCmd operation, passing arbitrary input via the strCmd parameter. This input is executed directly by the system shell without sanitation allowing attackers to execute commands as the root user.
References
| ► | URL | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| AVTECH | IP camera, DVR, and NVR Devices |
Version: 1001-1000-1000-1000 Version: 1002-1000-1000-1000 Version: 1002-1001-1001-1001 Version: 1003-1000-1001-1000 Version: 1003-1001-1001-1000 Version: 1003-1001-1001-1001 Version: 1004-1000-1000-1000 Version: 1004-1001-1001-1001 Version: 1004-1001-1002-1000 Version: 1004-1002-1001-1000 Version: 1004V-1002V-1003V-1001V Version: 1004Y-1002Y-1001EJ-1000Y Version: 1005-1001-1002-1000 Version: 1005-1002-1001-1002 Version: 1005-1002-1002-1000 Version: 1005-1002-1004-1001 Version: 1006-1001-1003-1000 Version: 1006-1001-1003-1003 Version: 1006-1002-1001-1002 Version: 1006-1002-1003-1000 Version: 1006R-1002R-1001R-1002R Version: 1007-1001-1003-1000 Version: 1007-1001-1003-1003 Version: 1007-1002-1004-1000 Version: 1007-1003-1005-1001 Version: 1007E-1003E-1005EJ-1001E Version: 1007V-1003V-1005V-1001V Version: 1008-1001-1001-1001 Version: 1008-1002-1002-1003 Version: 1008-1002-1005-1000 Version: 1008-1003-1005-1003 Version: 1008-1004-1003-1002 Version: 1009-1001-1002-1001 Version: 1009-1001-1004-1000 Version: 1009-1003-1006-1001 Version: 1009-1004-1005-1006 Version: 1009-1004-1006-1003 Version: 1009Y-1003Y-1006Y-1001Y Version: 1010-1001-1003-1001 Version: 1010-1001-1004-1005 Version: 1010-1002-1005-1000 Version: 1010-1004-1007-1001 Version: 1010-1005-1005-1002 Version: 1011-1002-1004-1001 Version: 1011-1002-1006-1000 Version: 1011-1005-1007EJ-1001 Version: 1011-1005-1008-1002 Version: 1012-1002-1004-1001 Version: 1012-1002-1006-1005 Version: 1012-1002-1007-1004 Version: 1012-1003-1001-1005 Version: 1012-1003-1005-1005 Version: 1012-1004-1008-1008 Version: 1012-1008-1009-1000-FFFF Version: 1013-1002-1006-1005 Version: 1013-1003-1005-1001 Version: 1013-1004-1008-1003 Version: 1013-1004-1008-1008 Version: 1014-1002-1007-1004 Version: 1014-1003-1006-1001 Version: 1014-1003-1006PL-1001 Version: 1014-1003-1007-1001 Version: 1014-1004-1008-1008 Version: 1014-1005-1009-1002 Version: 1014-1007-1009-1001 Version: 1014L-1002L-1006L-1005L Version: 1015-1006-1004-1002 Version: 1015-1006-1005-1002 Version: 1015-1006-1008-1002 Version: 1015-1006-1008-1007 Version: 1015-1006-1010-1003 Version: 1015-1007-1007-1007 Version: 1015K-1006K-1008PO-1002K Version: 1015Y-1007Y-1010Y-1001Y Version: 1016-1003-1007-1001 Version: 1016-1004-1009-1009 Version: 1016-1006-1008-1007 Version: 1016-1007-1005-1001 Version: 1016-1007-1009-1003 Version: 1016-1007-1011-1001 Version: 1016-1007-1011-1003 Version: 1016-1008-1007-1007 Version: 1016Y-1007Y-1011Y-1001Y Version: 1017-1002-1008-1005 Version: 1017-1003-1007-1002 Version: 1017-1003-1008-1006 Version: 1017-1008-1012-1002 Version: 1017-1011-1013-1001-FFFF Version: 1017k-1003k-1008k-1006k Version: 1017Y-1008Y-1012Y-1002Y Version: 1018-1003-1005-1004 Version: 1018-1003-1007-1002 Version: 1018-1003-1008-1003 Version: 1018-1003-1008-1004 Version: 1018-1003-1008PO-1003 Version: 1018-1006-1009-1007 Version: 1018-1007-1009-1003 Version: 1018-1008-1012-1004 Version: 1019-1003-1007-1002 Version: 1019-1003-1008-1001 Version: 1019-1004-1009-1007 Version: 1019-1007-1009-1003 Version: 1019-1009-1013-1003 Version: 1019-1010-1009-1009 Version: 1019c-1012c-1014c-1001c-FFFF Version: 1020-1003-1008-1003 Version: 1020-1003-1008-1004 Version: 1020-1003-1010-1006 Version: 1020-1004-1009-1007 Version: 1020-1005-1011-1010 Version: 1020-1005-1012-1007 Version: 1020-1007-1008-1003 Version: 1020-1007-1009-1003 Version: 1021-1003-1008-1003 Version: 1021-1003-1008-1004 Version: 1021-1005-1011-1010 Version: 1021-1007-1010-1003 Version: 1021L-1003L-1010L-1006L Version: 1021r-1004r-1009r-1007r Version: 1022-1003-1008-1002 Version: 1022-1004-1009-1007 Version: 1022-1007-1012-1007 Version: 1022-1012-1011-1009 Version: 1022-1014-1016-1002-FFFF Version: 1022L-1004L-1011L-1006L Version: 1022L-1005L-1011L-1010L Version: 1022Y-1014Y-1016Y-1002Y-FFFF Version: 1023-1004-1010-1007 Version: 1023-1014-1017-1002-FFFF Version: 1025-1006-1013-1011 Version: 1025-1008-1013-1008 Version: 1025-1014-1013-1009 Version: 1027-1008-1012-1008 Version: 1027-1008-1013-1008 Version: 1027-1014-1015-1009 Version: 1027L-1006L-1015L-1009L Version: 1028-1007-1014-1012 Version: 1029-1007-1014-1008 Version: 1030-1007-1014-1012 Version: 1030-1008-1014-1008 Version: 1031-1007-1015-1012 Version: 1032-1007-1015-1008 Version: 1032k-1007k-1015k-1008k Version: 1036r-1008r-1016r-1009r Version: 1037-1008-1017-1009 Version: S749-S749-S749-S749 Version: S820-S820-S820-S820 Version: S823-S823-S823-S823 Version: S855-S855-S855-S855 Version: S914V-S914V-S914V-S914V Version: S968-S968-S968-S968 Version: S984-S984-S984-S984 Version: T717-T717-T717-T717 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-34055",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-01T18:33:10.541355Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-01T18:33:20.804Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"cgi-bin/supervisor/adcommand.cgi",
"strCmd within DoShellCmd"
],
"product": "IP camera, DVR, and NVR Devices",
"vendor": "AVTECH",
"versions": [
{
"status": "affected",
"version": "1001-1000-1000-1000"
},
{
"status": "affected",
"version": "1002-1000-1000-1000"
},
{
"status": "affected",
"version": "1002-1001-1001-1001"
},
{
"status": "affected",
"version": "1003-1000-1001-1000"
},
{
"status": "affected",
"version": "1003-1001-1001-1000"
},
{
"status": "affected",
"version": "1003-1001-1001-1001"
},
{
"status": "affected",
"version": "1004-1000-1000-1000"
},
{
"status": "affected",
"version": "1004-1001-1001-1001"
},
{
"status": "affected",
"version": "1004-1001-1002-1000"
},
{
"status": "affected",
"version": "1004-1002-1001-1000"
},
{
"status": "affected",
"version": "1004V-1002V-1003V-1001V"
},
{
"status": "affected",
"version": "1004Y-1002Y-1001EJ-1000Y"
},
{
"status": "affected",
"version": "1005-1001-1002-1000"
},
{
"status": "affected",
"version": "1005-1002-1001-1002"
},
{
"status": "affected",
"version": "1005-1002-1002-1000"
},
{
"status": "affected",
"version": "1005-1002-1004-1001"
},
{
"status": "affected",
"version": "1006-1001-1003-1000"
},
{
"status": "affected",
"version": "1006-1001-1003-1003"
},
{
"status": "affected",
"version": "1006-1002-1001-1002"
},
{
"status": "affected",
"version": "1006-1002-1003-1000"
},
{
"status": "affected",
"version": "1006R-1002R-1001R-1002R"
},
{
"status": "affected",
"version": "1007-1001-1003-1000"
},
{
"status": "affected",
"version": "1007-1001-1003-1003"
},
{
"status": "affected",
"version": "1007-1002-1004-1000"
},
{
"status": "affected",
"version": "1007-1003-1005-1001"
},
{
"status": "affected",
"version": "1007E-1003E-1005EJ-1001E"
},
{
"status": "affected",
"version": "1007V-1003V-1005V-1001V"
},
{
"status": "affected",
"version": "1008-1001-1001-1001"
},
{
"status": "affected",
"version": "1008-1002-1002-1003"
},
{
"status": "affected",
"version": "1008-1002-1005-1000"
},
{
"status": "affected",
"version": "1008-1003-1005-1003"
},
{
"status": "affected",
"version": "1008-1004-1003-1002"
},
{
"status": "affected",
"version": "1009-1001-1002-1001"
},
{
"status": "affected",
"version": "1009-1001-1004-1000"
},
{
"status": "affected",
"version": "1009-1003-1006-1001"
},
{
"status": "affected",
"version": "1009-1004-1005-1006"
},
{
"status": "affected",
"version": "1009-1004-1006-1003"
},
{
"status": "affected",
"version": "1009Y-1003Y-1006Y-1001Y"
},
{
"status": "affected",
"version": "1010-1001-1003-1001"
},
{
"status": "affected",
"version": "1010-1001-1004-1005"
},
{
"status": "affected",
"version": "1010-1002-1005-1000"
},
{
"status": "affected",
"version": "1010-1004-1007-1001"
},
{
"status": "affected",
"version": "1010-1005-1005-1002"
},
{
"status": "affected",
"version": "1011-1002-1004-1001"
},
{
"status": "affected",
"version": "1011-1002-1006-1000"
},
{
"status": "affected",
"version": "1011-1005-1007EJ-1001"
},
{
"status": "affected",
"version": "1011-1005-1008-1002"
},
{
"status": "affected",
"version": "1012-1002-1004-1001"
},
{
"status": "affected",
"version": "1012-1002-1006-1005"
},
{
"status": "affected",
"version": "1012-1002-1007-1004"
},
{
"status": "affected",
"version": "1012-1003-1001-1005"
},
{
"status": "affected",
"version": "1012-1003-1005-1005"
},
{
"status": "affected",
"version": "1012-1004-1008-1008"
},
{
"status": "affected",
"version": "1012-1008-1009-1000-FFFF"
},
{
"status": "affected",
"version": "1013-1002-1006-1005"
},
{
"status": "affected",
"version": "1013-1003-1005-1001"
},
{
"status": "affected",
"version": "1013-1004-1008-1003"
},
{
"status": "affected",
"version": "1013-1004-1008-1008"
},
{
"status": "affected",
"version": "1014-1002-1007-1004"
},
{
"status": "affected",
"version": "1014-1003-1006-1001"
},
{
"status": "affected",
"version": "1014-1003-1006PL-1001"
},
{
"status": "affected",
"version": "1014-1003-1007-1001"
},
{
"status": "affected",
"version": "1014-1004-1008-1008"
},
{
"status": "affected",
"version": "1014-1005-1009-1002"
},
{
"status": "affected",
"version": "1014-1007-1009-1001"
},
{
"status": "affected",
"version": "1014L-1002L-1006L-1005L"
},
{
"status": "affected",
"version": "1015-1006-1004-1002"
},
{
"status": "affected",
"version": "1015-1006-1005-1002"
},
{
"status": "affected",
"version": "1015-1006-1008-1002"
},
{
"status": "affected",
"version": "1015-1006-1008-1007"
},
{
"status": "affected",
"version": "1015-1006-1010-1003"
},
{
"status": "affected",
"version": "1015-1007-1007-1007"
},
{
"status": "affected",
"version": "1015K-1006K-1008PO-1002K"
},
{
"status": "affected",
"version": "1015Y-1007Y-1010Y-1001Y"
},
{
"status": "affected",
"version": "1016-1003-1007-1001"
},
{
"status": "affected",
"version": "1016-1004-1009-1009"
},
{
"status": "affected",
"version": "1016-1006-1008-1007"
},
{
"status": "affected",
"version": "1016-1007-1005-1001"
},
{
"status": "affected",
"version": "1016-1007-1009-1003"
},
{
"status": "affected",
"version": "1016-1007-1011-1001"
},
{
"status": "affected",
"version": "1016-1007-1011-1003"
},
{
"status": "affected",
"version": "1016-1008-1007-1007"
},
{
"status": "affected",
"version": "1016Y-1007Y-1011Y-1001Y"
},
{
"status": "affected",
"version": "1017-1002-1008-1005"
},
{
"status": "affected",
"version": "1017-1003-1007-1002"
},
{
"status": "affected",
"version": "1017-1003-1008-1006"
},
{
"status": "affected",
"version": "1017-1008-1012-1002"
},
{
"status": "affected",
"version": "1017-1011-1013-1001-FFFF"
},
{
"status": "affected",
"version": "1017k-1003k-1008k-1006k"
},
{
"status": "affected",
"version": "1017Y-1008Y-1012Y-1002Y"
},
{
"status": "affected",
"version": "1018-1003-1005-1004"
},
{
"status": "affected",
"version": "1018-1003-1007-1002"
},
{
"status": "affected",
"version": "1018-1003-1008-1003"
},
{
"status": "affected",
"version": "1018-1003-1008-1004"
},
{
"status": "affected",
"version": "1018-1003-1008PO-1003"
},
{
"status": "affected",
"version": "1018-1006-1009-1007"
},
{
"status": "affected",
"version": "1018-1007-1009-1003"
},
{
"status": "affected",
"version": "1018-1008-1012-1004"
},
{
"status": "affected",
"version": "1019-1003-1007-1002"
},
{
"status": "affected",
"version": "1019-1003-1008-1001"
},
{
"status": "affected",
"version": "1019-1004-1009-1007"
},
{
"status": "affected",
"version": "1019-1007-1009-1003"
},
{
"status": "affected",
"version": "1019-1009-1013-1003"
},
{
"status": "affected",
"version": "1019-1010-1009-1009"
},
{
"status": "affected",
"version": "1019c-1012c-1014c-1001c-FFFF"
},
{
"status": "affected",
"version": "1020-1003-1008-1003"
},
{
"status": "affected",
"version": "1020-1003-1008-1004"
},
{
"status": "affected",
"version": "1020-1003-1010-1006"
},
{
"status": "affected",
"version": "1020-1004-1009-1007"
},
{
"status": "affected",
"version": "1020-1005-1011-1010"
},
{
"status": "affected",
"version": "1020-1005-1012-1007"
},
{
"status": "affected",
"version": "1020-1007-1008-1003"
},
{
"status": "affected",
"version": "1020-1007-1009-1003"
},
{
"status": "affected",
"version": "1021-1003-1008-1003"
},
{
"status": "affected",
"version": "1021-1003-1008-1004"
},
{
"status": "affected",
"version": "1021-1005-1011-1010"
},
{
"status": "affected",
"version": "1021-1007-1010-1003"
},
{
"status": "affected",
"version": "1021L-1003L-1010L-1006L"
},
{
"status": "affected",
"version": "1021r-1004r-1009r-1007r"
},
{
"status": "affected",
"version": "1022-1003-1008-1002"
},
{
"status": "affected",
"version": "1022-1004-1009-1007"
},
{
"status": "affected",
"version": "1022-1007-1012-1007"
},
{
"status": "affected",
"version": "1022-1012-1011-1009"
},
{
"status": "affected",
"version": "1022-1014-1016-1002-FFFF"
},
{
"status": "affected",
"version": "1022L-1004L-1011L-1006L"
},
{
"status": "affected",
"version": "1022L-1005L-1011L-1010L"
},
{
"status": "affected",
"version": "1022Y-1014Y-1016Y-1002Y-FFFF"
},
{
"status": "affected",
"version": "1023-1004-1010-1007"
},
{
"status": "affected",
"version": "1023-1014-1017-1002-FFFF"
},
{
"status": "affected",
"version": "1025-1006-1013-1011"
},
{
"status": "affected",
"version": "1025-1008-1013-1008"
},
{
"status": "affected",
"version": "1025-1014-1013-1009"
},
{
"status": "affected",
"version": "1027-1008-1012-1008"
},
{
"status": "affected",
"version": "1027-1008-1013-1008"
},
{
"status": "affected",
"version": "1027-1014-1015-1009"
},
{
"status": "affected",
"version": "1027L-1006L-1015L-1009L"
},
{
"status": "affected",
"version": "1028-1007-1014-1012"
},
{
"status": "affected",
"version": "1029-1007-1014-1008"
},
{
"status": "affected",
"version": "1030-1007-1014-1012"
},
{
"status": "affected",
"version": "1030-1008-1014-1008"
},
{
"status": "affected",
"version": "1031-1007-1015-1012"
},
{
"status": "affected",
"version": "1032-1007-1015-1008"
},
{
"status": "affected",
"version": "1032k-1007k-1015k-1008k"
},
{
"status": "affected",
"version": "1036r-1008r-1016r-1009r"
},
{
"status": "affected",
"version": "1037-1008-1017-1009"
},
{
"status": "affected",
"version": "S749-S749-S749-S749"
},
{
"status": "affected",
"version": "S820-S820-S820-S820"
},
{
"status": "affected",
"version": "S823-S823-S823-S823"
},
{
"status": "affected",
"version": "S855-S855-S855-S855"
},
{
"status": "affected",
"version": "S914V-S914V-S914V-S914V"
},
{
"status": "affected",
"version": "S968-S968-S968-S968"
},
{
"status": "affected",
"version": "S984-S984-S984-S984"
},
{
"status": "affected",
"version": "T717-T717-T717-T717"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Gergely Eberhardt (SEARCH-LAB.hu)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An OS command injection vulnerability exists in AVTECH DVR, NVR, and IP camera devices within the \u003ccode\u003eadcommand.cgi\u003c/code\u003e endpoint, which interfaces with the ActionD daemon. Authenticated users can invoke the \u003ccode\u003eDoShellCmd\u003c/code\u003e operation, passing arbitrary input via the \u003ccode\u003estrCmd\u003c/code\u003e parameter. This input is executed directly by the system shell without sanitation allowing attackers to execute commands as the root user."
}
],
"value": "An OS command injection vulnerability exists in AVTECH DVR, NVR, and IP camera devices within the adcommand.cgi endpoint, which interfaces with the ActionD daemon. Authenticated users can invoke the DoShellCmd operation, passing arbitrary input via the strCmd parameter. This input is executed directly by the system shell without sanitation allowing attackers to execute commands as the root user."
}
],
"impacts": [
{
"capecId": "CAPEC-88",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-88 OS Command Injection"
}
]
},
{
"capecId": "CAPEC-137",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-137 Parameter Injection"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.4,
"baseSeverity": "CRITICAL",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-01T14:46:38.848Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/40500"
},
{
"tags": [
"product"
],
"url": "https://avtech.com/"
},
{
"tags": [
"third-party-advisory",
"technical-description"
],
"url": "https://web.archive.org/web/20240810225729/https://www.search-lab.hu/advisories/126-AVTech-devices-multiple-vulnerabilities"
},
{
"tags": [
"exploit"
],
"url": "https://web.archive.org/web/20161029201749/https://github.com/ebux/AVTECH"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://vulncheck.com/advisories/avtech-ipcamera-nvr-dvr-mulitple-vulns"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "AVTECH IP camera, DVR, and NVR Devices Authenticated Root Command Execution",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2025-34055",
"datePublished": "2025-07-01T14:46:38.848Z",
"dateReserved": "2025-04-15T19:15:22.548Z",
"dateUpdated": "2025-07-01T18:33:20.804Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-34065 (GCVE-0-2025-34065)
Vulnerability from cvelistv5
Published
2025-07-01 14:47
Modified
2025-07-01 18:36
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-290 - Authentication Bypass by Spoofing
Summary
An authentication bypass vulnerability exists in AVTECH IP camera, DVR, and NVR devices’ streamd web server. The strstr() function allows unauthenticated access to any request containing "/nobody" in the URL, bypassing login controls.
References
| ► | URL | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| AVTECH | IP camera, DVR, and NVR Devices |
Version: 1000-1000-1000-1000 Version: 1000C-1000C-1000C-1000C Version: 1001-1000-1000-1000 Version: 1001-1001-1000-1000 Version: 1002-1000-1000-1000 Version: 1002-1002-1000-1002 Version: 1002D-1000D-1000D-1000D Version: 1003-1000-1000-1001 Version: 1003-1001-1001-1000 Version: 1003-1002-1001-1000 Version: 1004-1000-1000-1000 Version: 1004-1001-1001-1001 Version: 1004-1002-1000-1001 Version: 1004-1003-1001-1002 Version: 1004-1003-1002-1001 Version: 1004A-1001A-1002A-1000A Version: 1005-1002-1001-1002 Version: 1005-1003-1001-1002 Version: 1005-1004-1002-1001 Version: 1005A-1001A-1002A-1001A Version: 1005D-1001D-1002D-1001D Version: 1006-1002-1001-1002 Version: 1006-1003-1001-1001 Version: 1006-1004-1003-1001 Version: 1007-1001-1003-1001 Version: 1007-1001-1004-1003 Version: 1007-1002-1001-1000 Version: 1007-1002-1001-1003 Version: 1007-1002-1003-1002 Version: 1007-1004-1003-1001 Version: 1008-1001-1003-1002 Version: 1008-1004-1004-1001 Version: 1008D-1003D-1004D-1002D Version: 1008J-1004J-1004J-1001J Version: 1009-1001-1004-1001 Version: 1009-1002-1005-1003 Version: 1009-1003-1001-1003 Version: 1009-1003-1005-1002 Version: 1010-1001-1004-1001 Version: 1010-1001-1004-1002 Version: 1010-1003-1005-1002 Version: 1010-1003-1006-1003 Version: 1010-1003-1006-1004 Version: 1010-1004-1007-1001 Version: 1010J-1001J-1004J-1001J Version: 1010N-1003N-1005N-1002N Version: 1011-1001-1002A-1002 Version: 1011-1001-1002D-1002 Version: 1011-1001-1003-1002 Version: 1011-1001-1004-1002 Version: 1011-1001-1005-1002 Version: 1011-1004-1005-1002 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-34065",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-01T18:35:32.244766Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-01T18:36:04.496Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"Search.cgi",
"username parameter",
"queryb64str"
],
"product": "IP camera, DVR, and NVR Devices",
"vendor": "AVTECH",
"versions": [
{
"status": "affected",
"version": "1000-1000-1000-1000"
},
{
"status": "affected",
"version": "1000C-1000C-1000C-1000C"
},
{
"status": "affected",
"version": "1001-1000-1000-1000"
},
{
"status": "affected",
"version": "1001-1001-1000-1000"
},
{
"status": "affected",
"version": "1002-1000-1000-1000"
},
{
"status": "affected",
"version": "1002-1002-1000-1002"
},
{
"status": "affected",
"version": "1002D-1000D-1000D-1000D"
},
{
"status": "affected",
"version": "1003-1000-1000-1001"
},
{
"status": "affected",
"version": "1003-1001-1001-1000"
},
{
"status": "affected",
"version": "1003-1002-1001-1000"
},
{
"status": "affected",
"version": "1004-1000-1000-1000"
},
{
"status": "affected",
"version": "1004-1001-1001-1001"
},
{
"status": "affected",
"version": "1004-1002-1000-1001"
},
{
"status": "affected",
"version": "1004-1003-1001-1002"
},
{
"status": "affected",
"version": "1004-1003-1002-1001"
},
{
"status": "affected",
"version": "1004A-1001A-1002A-1000A"
},
{
"status": "affected",
"version": "1005-1002-1001-1002"
},
{
"status": "affected",
"version": "1005-1003-1001-1002"
},
{
"status": "affected",
"version": "1005-1004-1002-1001"
},
{
"status": "affected",
"version": "1005A-1001A-1002A-1001A"
},
{
"status": "affected",
"version": "1005D-1001D-1002D-1001D"
},
{
"status": "affected",
"version": "1006-1002-1001-1002"
},
{
"status": "affected",
"version": "1006-1003-1001-1001"
},
{
"status": "affected",
"version": "1006-1004-1003-1001"
},
{
"status": "affected",
"version": "1007-1001-1003-1001"
},
{
"status": "affected",
"version": "1007-1001-1004-1003"
},
{
"status": "affected",
"version": "1007-1002-1001-1000"
},
{
"status": "affected",
"version": "1007-1002-1001-1003"
},
{
"status": "affected",
"version": "1007-1002-1003-1002"
},
{
"status": "affected",
"version": "1007-1004-1003-1001"
},
{
"status": "affected",
"version": "1008-1001-1003-1002"
},
{
"status": "affected",
"version": "1008-1004-1004-1001"
},
{
"status": "affected",
"version": "1008D-1003D-1004D-1002D"
},
{
"status": "affected",
"version": "1008J-1004J-1004J-1001J"
},
{
"status": "affected",
"version": "1009-1001-1004-1001"
},
{
"status": "affected",
"version": "1009-1002-1005-1003"
},
{
"status": "affected",
"version": "1009-1003-1001-1003"
},
{
"status": "affected",
"version": "1009-1003-1005-1002"
},
{
"status": "affected",
"version": "1010-1001-1004-1001"
},
{
"status": "affected",
"version": "1010-1001-1004-1002"
},
{
"status": "affected",
"version": "1010-1003-1005-1002"
},
{
"status": "affected",
"version": "1010-1003-1006-1003"
},
{
"status": "affected",
"version": "1010-1003-1006-1004"
},
{
"status": "affected",
"version": "1010-1004-1007-1001"
},
{
"status": "affected",
"version": "1010J-1001J-1004J-1001J"
},
{
"status": "affected",
"version": "1010N-1003N-1005N-1002N"
},
{
"status": "affected",
"version": "1011-1001-1002A-1002"
},
{
"status": "affected",
"version": "1011-1001-1002D-1002"
},
{
"status": "affected",
"version": "1011-1001-1003-1002"
},
{
"status": "affected",
"version": "1011-1001-1004-1002"
},
{
"status": "affected",
"version": "1011-1001-1005-1002"
},
{
"status": "affected",
"version": "1011-1004-1005-1002"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Gergely Eberhardt (SEARCH-LAB.hu)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An authentication bypass vulnerability exists in AVTECH IP camera, DVR, and NVR devices\u2019 streamd web server. The strstr() function allows unauthenticated access to any request containing \"/nobody\" in the URL, bypassing login controls."
}
],
"value": "An authentication bypass vulnerability exists in AVTECH IP camera, DVR, and NVR devices\u2019 streamd web server. The strstr() function allows unauthenticated access to any request containing \"/nobody\" in the URL, bypassing login controls."
}
],
"impacts": [
{
"capecId": "CAPEC-115",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-115 Authentication Bypass"
}
]
},
{
"capecId": "CAPEC-137",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-137 Parameter Injection"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-290",
"description": "CWE-290 Authentication Bypass by Spoofing",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-01T14:47:23.621Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/40500"
},
{
"tags": [
"product"
],
"url": "https://avtech.com/"
},
{
"tags": [
"third-party-advisory",
"technical-description"
],
"url": "https://web.archive.org/web/20240810225729/https://www.search-lab.hu/advisories/126-AVTech-devices-multiple-vulnerabilities"
},
{
"tags": [
"exploit"
],
"url": "https://web.archive.org/web/20161029201749/https://github.com/ebux/AVTECH"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://vulncheck.com/advisories/avtech-ipcamera-nvr-dvr-mulitple-vulns"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "AVTECH IP camera, DVR, and NVR Devices Authentication Bypass via /nobody URL Path",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2025-34065",
"datePublished": "2025-07-01T14:47:23.621Z",
"dateReserved": "2025-04-15T19:15:22.549Z",
"dateUpdated": "2025-07-01T18:36:04.496Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}