CVE-2025-34055 (GCVE-0-2025-34055)
Vulnerability from cvelistv5
Published: 2025-07-01 14:46
Modified: 2025-07-01 18:33
Summary
An OS command injection vulnerability exists in AVTECH DVR, NVR, and IP camera devices within the adcommand.cgi endpoint, which interfaces with the ActionD daemon. Authenticated users can invoke the DoShellCmd operation, passing arbitrary input via the strCmd parameter. This input is executed directly by the system shell without sanitization, allowing attackers to execute commands as the root user.
Impacted products
| Vendor | Product | Version |
|---|---|---|
| AVTECH | IP camera, DVR, and NVR Devices |
Version: 1001-1000-1000-1000 Version: 1002-1000-1000-1000 Version: 1002-1001-1001-1001 Version: 1003-1000-1001-1000 Version: 1003-1001-1001-1000 Version: 1003-1001-1001-1001 Version: 1004-1000-1000-1000 Version: 1004-1001-1001-1001 Version: 1004-1001-1002-1000 Version: 1004-1002-1001-1000 Version: 1004V-1002V-1003V-1001V Version: 1004Y-1002Y-1001EJ-1000Y Version: 1005-1001-1002-1000 Version: 1005-1002-1001-1002 Version: 1005-1002-1002-1000 Version: 1005-1002-1004-1001 Version: 1006-1001-1003-1000 Version: 1006-1001-1003-1003 Version: 1006-1002-1001-1002 Version: 1006-1002-1003-1000 Version: 1006R-1002R-1001R-1002R Version: 1007-1001-1003-1000 Version: 1007-1001-1003-1003 Version: 1007-1002-1004-1000 Version: 1007-1003-1005-1001 Version: 1007E-1003E-1005EJ-1001E Version: 1007V-1003V-1005V-1001V Version: 1008-1001-1001-1001 Version: 1008-1002-1002-1003 Version: 1008-1002-1005-1000 Version: 1008-1003-1005-1003 Version: 1008-1004-1003-1002 Version: 1009-1001-1002-1001 Version: 1009-1001-1004-1000 Version: 1009-1003-1006-1001 Version: 1009-1004-1005-1006 Version: 1009-1004-1006-1003 Version: 1009Y-1003Y-1006Y-1001Y Version: 1010-1001-1003-1001 Version: 1010-1001-1004-1005 Version: 1010-1002-1005-1000 Version: 1010-1004-1007-1001 Version: 1010-1005-1005-1002 Version: 1011-1002-1004-1001 Version: 1011-1002-1006-1000 Version: 1011-1005-1007EJ-1001 Version: 1011-1005-1008-1002 Version: 1012-1002-1004-1001 Version: 1012-1002-1006-1005 Version: 1012-1002-1007-1004 Version: 1012-1003-1001-1005 Version: 1012-1003-1005-1005 Version: 1012-1004-1008-1008 Version: 1012-1008-1009-1000-FFFF Version: 1013-1002-1006-1005 Version: 1013-1003-1005-1001 Version: 1013-1004-1008-1003 Version: 1013-1004-1008-1008 Version: 1014-1002-1007-1004 Version: 1014-1003-1006-1001 Version: 1014-1003-1006PL-1001 Version: 1014-1003-1007-1001 Version: 1014-1004-1008-1008 Version: 1014-1005-1009-1002 Version: 1014-1007-1009-1001 Version: 1014L-1002L-1006L-1005L Version: 1015-1006-1004-1002 Version: 
1015-1006-1005-1002 Version: 1015-1006-1008-1002 Version: 1015-1006-1008-1007 Version: 1015-1006-1010-1003 Version: 1015-1007-1007-1007 Version: 1015K-1006K-1008PO-1002K Version: 1015Y-1007Y-1010Y-1001Y Version: 1016-1003-1007-1001 Version: 1016-1004-1009-1009 Version: 1016-1006-1008-1007 Version: 1016-1007-1005-1001 Version: 1016-1007-1009-1003 Version: 1016-1007-1011-1001 Version: 1016-1007-1011-1003 Version: 1016-1008-1007-1007 Version: 1016Y-1007Y-1011Y-1001Y Version: 1017-1002-1008-1005 Version: 1017-1003-1007-1002 Version: 1017-1003-1008-1006 Version: 1017-1008-1012-1002 Version: 1017-1011-1013-1001-FFFF Version: 1017k-1003k-1008k-1006k Version: 1017Y-1008Y-1012Y-1002Y Version: 1018-1003-1005-1004 Version: 1018-1003-1007-1002 Version: 1018-1003-1008-1003 Version: 1018-1003-1008-1004 Version: 1018-1003-1008PO-1003 Version: 1018-1006-1009-1007 Version: 1018-1007-1009-1003 Version: 1018-1008-1012-1004 Version: 1019-1003-1007-1002 Version: 1019-1003-1008-1001 Version: 1019-1004-1009-1007 Version: 1019-1007-1009-1003 Version: 1019-1009-1013-1003 Version: 1019-1010-1009-1009 Version: 1019c-1012c-1014c-1001c-FFFF Version: 1020-1003-1008-1003 Version: 1020-1003-1008-1004 Version: 1020-1003-1010-1006 Version: 1020-1004-1009-1007 Version: 1020-1005-1011-1010 Version: 1020-1005-1012-1007 Version: 1020-1007-1008-1003 Version: 1020-1007-1009-1003 Version: 1021-1003-1008-1003 Version: 1021-1003-1008-1004 Version: 1021-1005-1011-1010 Version: 1021-1007-1010-1003 Version: 1021L-1003L-1010L-1006L Version: 1021r-1004r-1009r-1007r Version: 1022-1003-1008-1002 Version: 1022-1004-1009-1007 Version: 1022-1007-1012-1007 Version: 1022-1012-1011-1009 Version: 1022-1014-1016-1002-FFFF Version: 1022L-1004L-1011L-1006L Version: 1022L-1005L-1011L-1010L Version: 1022Y-1014Y-1016Y-1002Y-FFFF Version: 1023-1004-1010-1007 Version: 1023-1014-1017-1002-FFFF Version: 1025-1006-1013-1011 Version: 1025-1008-1013-1008 Version: 1025-1014-1013-1009 Version: 1027-1008-1012-1008 Version: 
1027-1008-1013-1008 Version: 1027-1014-1015-1009 Version: 1027L-1006L-1015L-1009L Version: 1028-1007-1014-1012 Version: 1029-1007-1014-1008 Version: 1030-1007-1014-1012 Version: 1030-1008-1014-1008 Version: 1031-1007-1015-1012 Version: 1032-1007-1015-1008 Version: 1032k-1007k-1015k-1008k Version: 1036r-1008r-1016r-1009r Version: 1037-1008-1017-1009 Version: S749-S749-S749-S749 Version: S820-S820-S820-S820 Version: S823-S823-S823-S823 Version: S855-S855-S855-S855 Version: S914V-S914V-S914V-S914V Version: S968-S968-S968-S968 Version: S984-S984-S984-S984 Version: T717-T717-T717-T717 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-34055",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-01T18:33:10.541355Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-01T18:33:20.804Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"cgi-bin/supervisor/adcommand.cgi",
"strCmd within DoShellCmd"
],
"product": "IP camera, DVR, and NVR Devices",
"vendor": "AVTECH",
"versions": [
{
"status": "affected",
"version": "1001-1000-1000-1000"
},
{
"status": "affected",
"version": "1002-1000-1000-1000"
},
{
"status": "affected",
"version": "1002-1001-1001-1001"
},
{
"status": "affected",
"version": "1003-1000-1001-1000"
},
{
"status": "affected",
"version": "1003-1001-1001-1000"
},
{
"status": "affected",
"version": "1003-1001-1001-1001"
},
{
"status": "affected",
"version": "1004-1000-1000-1000"
},
{
"status": "affected",
"version": "1004-1001-1001-1001"
},
{
"status": "affected",
"version": "1004-1001-1002-1000"
},
{
"status": "affected",
"version": "1004-1002-1001-1000"
},
{
"status": "affected",
"version": "1004V-1002V-1003V-1001V"
},
{
"status": "affected",
"version": "1004Y-1002Y-1001EJ-1000Y"
},
{
"status": "affected",
"version": "1005-1001-1002-1000"
},
{
"status": "affected",
"version": "1005-1002-1001-1002"
},
{
"status": "affected",
"version": "1005-1002-1002-1000"
},
{
"status": "affected",
"version": "1005-1002-1004-1001"
},
{
"status": "affected",
"version": "1006-1001-1003-1000"
},
{
"status": "affected",
"version": "1006-1001-1003-1003"
},
{
"status": "affected",
"version": "1006-1002-1001-1002"
},
{
"status": "affected",
"version": "1006-1002-1003-1000"
},
{
"status": "affected",
"version": "1006R-1002R-1001R-1002R"
},
{
"status": "affected",
"version": "1007-1001-1003-1000"
},
{
"status": "affected",
"version": "1007-1001-1003-1003"
},
{
"status": "affected",
"version": "1007-1002-1004-1000"
},
{
"status": "affected",
"version": "1007-1003-1005-1001"
},
{
"status": "affected",
"version": "1007E-1003E-1005EJ-1001E"
},
{
"status": "affected",
"version": "1007V-1003V-1005V-1001V"
},
{
"status": "affected",
"version": "1008-1001-1001-1001"
},
{
"status": "affected",
"version": "1008-1002-1002-1003"
},
{
"status": "affected",
"version": "1008-1002-1005-1000"
},
{
"status": "affected",
"version": "1008-1003-1005-1003"
},
{
"status": "affected",
"version": "1008-1004-1003-1002"
},
{
"status": "affected",
"version": "1009-1001-1002-1001"
},
{
"status": "affected",
"version": "1009-1001-1004-1000"
},
{
"status": "affected",
"version": "1009-1003-1006-1001"
},
{
"status": "affected",
"version": "1009-1004-1005-1006"
},
{
"status": "affected",
"version": "1009-1004-1006-1003"
},
{
"status": "affected",
"version": "1009Y-1003Y-1006Y-1001Y"
},
{
"status": "affected",
"version": "1010-1001-1003-1001"
},
{
"status": "affected",
"version": "1010-1001-1004-1005"
},
{
"status": "affected",
"version": "1010-1002-1005-1000"
},
{
"status": "affected",
"version": "1010-1004-1007-1001"
},
{
"status": "affected",
"version": "1010-1005-1005-1002"
},
{
"status": "affected",
"version": "1011-1002-1004-1001"
},
{
"status": "affected",
"version": "1011-1002-1006-1000"
},
{
"status": "affected",
"version": "1011-1005-1007EJ-1001"
},
{
"status": "affected",
"version": "1011-1005-1008-1002"
},
{
"status": "affected",
"version": "1012-1002-1004-1001"
},
{
"status": "affected",
"version": "1012-1002-1006-1005"
},
{
"status": "affected",
"version": "1012-1002-1007-1004"
},
{
"status": "affected",
"version": "1012-1003-1001-1005"
},
{
"status": "affected",
"version": "1012-1003-1005-1005"
},
{
"status": "affected",
"version": "1012-1004-1008-1008"
},
{
"status": "affected",
"version": "1012-1008-1009-1000-FFFF"
},
{
"status": "affected",
"version": "1013-1002-1006-1005"
},
{
"status": "affected",
"version": "1013-1003-1005-1001"
},
{
"status": "affected",
"version": "1013-1004-1008-1003"
},
{
"status": "affected",
"version": "1013-1004-1008-1008"
},
{
"status": "affected",
"version": "1014-1002-1007-1004"
},
{
"status": "affected",
"version": "1014-1003-1006-1001"
},
{
"status": "affected",
"version": "1014-1003-1006PL-1001"
},
{
"status": "affected",
"version": "1014-1003-1007-1001"
},
{
"status": "affected",
"version": "1014-1004-1008-1008"
},
{
"status": "affected",
"version": "1014-1005-1009-1002"
},
{
"status": "affected",
"version": "1014-1007-1009-1001"
},
{
"status": "affected",
"version": "1014L-1002L-1006L-1005L"
},
{
"status": "affected",
"version": "1015-1006-1004-1002"
},
{
"status": "affected",
"version": "1015-1006-1005-1002"
},
{
"status": "affected",
"version": "1015-1006-1008-1002"
},
{
"status": "affected",
"version": "1015-1006-1008-1007"
},
{
"status": "affected",
"version": "1015-1006-1010-1003"
},
{
"status": "affected",
"version": "1015-1007-1007-1007"
},
{
"status": "affected",
"version": "1015K-1006K-1008PO-1002K"
},
{
"status": "affected",
"version": "1015Y-1007Y-1010Y-1001Y"
},
{
"status": "affected",
"version": "1016-1003-1007-1001"
},
{
"status": "affected",
"version": "1016-1004-1009-1009"
},
{
"status": "affected",
"version": "1016-1006-1008-1007"
},
{
"status": "affected",
"version": "1016-1007-1005-1001"
},
{
"status": "affected",
"version": "1016-1007-1009-1003"
},
{
"status": "affected",
"version": "1016-1007-1011-1001"
},
{
"status": "affected",
"version": "1016-1007-1011-1003"
},
{
"status": "affected",
"version": "1016-1008-1007-1007"
},
{
"status": "affected",
"version": "1016Y-1007Y-1011Y-1001Y"
},
{
"status": "affected",
"version": "1017-1002-1008-1005"
},
{
"status": "affected",
"version": "1017-1003-1007-1002"
},
{
"status": "affected",
"version": "1017-1003-1008-1006"
},
{
"status": "affected",
"version": "1017-1008-1012-1002"
},
{
"status": "affected",
"version": "1017-1011-1013-1001-FFFF"
},
{
"status": "affected",
"version": "1017k-1003k-1008k-1006k"
},
{
"status": "affected",
"version": "1017Y-1008Y-1012Y-1002Y"
},
{
"status": "affected",
"version": "1018-1003-1005-1004"
},
{
"status": "affected",
"version": "1018-1003-1007-1002"
},
{
"status": "affected",
"version": "1018-1003-1008-1003"
},
{
"status": "affected",
"version": "1018-1003-1008-1004"
},
{
"status": "affected",
"version": "1018-1003-1008PO-1003"
},
{
"status": "affected",
"version": "1018-1006-1009-1007"
},
{
"status": "affected",
"version": "1018-1007-1009-1003"
},
{
"status": "affected",
"version": "1018-1008-1012-1004"
},
{
"status": "affected",
"version": "1019-1003-1007-1002"
},
{
"status": "affected",
"version": "1019-1003-1008-1001"
},
{
"status": "affected",
"version": "1019-1004-1009-1007"
},
{
"status": "affected",
"version": "1019-1007-1009-1003"
},
{
"status": "affected",
"version": "1019-1009-1013-1003"
},
{
"status": "affected",
"version": "1019-1010-1009-1009"
},
{
"status": "affected",
"version": "1019c-1012c-1014c-1001c-FFFF"
},
{
"status": "affected",
"version": "1020-1003-1008-1003"
},
{
"status": "affected",
"version": "1020-1003-1008-1004"
},
{
"status": "affected",
"version": "1020-1003-1010-1006"
},
{
"status": "affected",
"version": "1020-1004-1009-1007"
},
{
"status": "affected",
"version": "1020-1005-1011-1010"
},
{
"status": "affected",
"version": "1020-1005-1012-1007"
},
{
"status": "affected",
"version": "1020-1007-1008-1003"
},
{
"status": "affected",
"version": "1020-1007-1009-1003"
},
{
"status": "affected",
"version": "1021-1003-1008-1003"
},
{
"status": "affected",
"version": "1021-1003-1008-1004"
},
{
"status": "affected",
"version": "1021-1005-1011-1010"
},
{
"status": "affected",
"version": "1021-1007-1010-1003"
},
{
"status": "affected",
"version": "1021L-1003L-1010L-1006L"
},
{
"status": "affected",
"version": "1021r-1004r-1009r-1007r"
},
{
"status": "affected",
"version": "1022-1003-1008-1002"
},
{
"status": "affected",
"version": "1022-1004-1009-1007"
},
{
"status": "affected",
"version": "1022-1007-1012-1007"
},
{
"status": "affected",
"version": "1022-1012-1011-1009"
},
{
"status": "affected",
"version": "1022-1014-1016-1002-FFFF"
},
{
"status": "affected",
"version": "1022L-1004L-1011L-1006L"
},
{
"status": "affected",
"version": "1022L-1005L-1011L-1010L"
},
{
"status": "affected",
"version": "1022Y-1014Y-1016Y-1002Y-FFFF"
},
{
"status": "affected",
"version": "1023-1004-1010-1007"
},
{
"status": "affected",
"version": "1023-1014-1017-1002-FFFF"
},
{
"status": "affected",
"version": "1025-1006-1013-1011"
},
{
"status": "affected",
"version": "1025-1008-1013-1008"
},
{
"status": "affected",
"version": "1025-1014-1013-1009"
},
{
"status": "affected",
"version": "1027-1008-1012-1008"
},
{
"status": "affected",
"version": "1027-1008-1013-1008"
},
{
"status": "affected",
"version": "1027-1014-1015-1009"
},
{
"status": "affected",
"version": "1027L-1006L-1015L-1009L"
},
{
"status": "affected",
"version": "1028-1007-1014-1012"
},
{
"status": "affected",
"version": "1029-1007-1014-1008"
},
{
"status": "affected",
"version": "1030-1007-1014-1012"
},
{
"status": "affected",
"version": "1030-1008-1014-1008"
},
{
"status": "affected",
"version": "1031-1007-1015-1012"
},
{
"status": "affected",
"version": "1032-1007-1015-1008"
},
{
"status": "affected",
"version": "1032k-1007k-1015k-1008k"
},
{
"status": "affected",
"version": "1036r-1008r-1016r-1009r"
},
{
"status": "affected",
"version": "1037-1008-1017-1009"
},
{
"status": "affected",
"version": "S749-S749-S749-S749"
},
{
"status": "affected",
"version": "S820-S820-S820-S820"
},
{
"status": "affected",
"version": "S823-S823-S823-S823"
},
{
"status": "affected",
"version": "S855-S855-S855-S855"
},
{
"status": "affected",
"version": "S914V-S914V-S914V-S914V"
},
{
"status": "affected",
"version": "S968-S968-S968-S968"
},
{
"status": "affected",
"version": "S984-S984-S984-S984"
},
{
"status": "affected",
"version": "T717-T717-T717-T717"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Gergely Eberhardt (SEARCH-LAB.hu)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An OS command injection vulnerability exists in AVTECH DVR, NVR, and IP camera devices within the \u003ccode\u003eadcommand.cgi\u003c/code\u003e endpoint, which interfaces with the ActionD daemon. Authenticated users can invoke the \u003ccode\u003eDoShellCmd\u003c/code\u003e operation, passing arbitrary input via the \u003ccode\u003estrCmd\u003c/code\u003e parameter. This input is executed directly by the system shell without sanitation allowing attackers to execute commands as the root user."
}
],
"value": "An OS command injection vulnerability exists in AVTECH DVR, NVR, and IP camera devices within the adcommand.cgi endpoint, which interfaces with the ActionD daemon. Authenticated users can invoke the DoShellCmd operation, passing arbitrary input via the strCmd parameter. This input is executed directly by the system shell without sanitation allowing attackers to execute commands as the root user."
}
],
"impacts": [
{
"capecId": "CAPEC-88",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-88 OS Command Injection"
}
]
},
{
"capecId": "CAPEC-137",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-137 Parameter Injection"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.4,
"baseSeverity": "CRITICAL",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-01T14:46:38.848Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/40500"
},
{
"tags": [
"product"
],
"url": "https://avtech.com/"
},
{
"tags": [
"third-party-advisory",
"technical-description"
],
"url": "https://web.archive.org/web/20240810225729/https://www.search-lab.hu/advisories/126-AVTech-devices-multiple-vulnerabilities"
},
{
"tags": [
"exploit"
],
"url": "https://web.archive.org/web/20161029201749/https://github.com/ebux/AVTECH"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://vulncheck.com/advisories/avtech-ipcamera-nvr-dvr-mulitple-vulns"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "AVTECH IP camera, DVR, and NVR Devices Authenticated Root Command Execution",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2025-34055",
"datePublished": "2025-07-01T14:46:38.848Z",
"dateReserved": "2025-04-15T19:15:22.548Z",
"dateUpdated": "2025-07-01T18:33:20.804Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}