CVE-2025-34054 AVTECH IP camera, DVR, and NVR Devices Unauthenticated Command Injection

🗓️ 01 Jul 2025 14:46:00Reported by VulnCheckType

Unauthenticated command injection in AVTECH DVR devices allows attackers to execute root commands.

Reporter	Title	Published	Views	Family All 10
Circl	CVE-2025-34054	1 Jul 202515:08	–	circl
CNNVD	AVTECH DVR 安全漏洞	1 Jul 202500:00	–	cnnvd
CVE	CVE-2025-34054	1 Jul 202514:46	–	cve
EUVD	EUVD-2025-19644	3 Oct 202520:07	–	euvd
NVD	CVE-2025-34054	1 Jul 202515:15	–	nvd
OpenVAS	AVTECH Devices Multiple Vulnerabilities	18 Oct 201600:00	–	openvas
Positive Technologies	PT-2025-27538	1 Jul 202500:00	–	ptsecurity
RedhatCVE	CVE-2025-34054	3 Jul 202515:23	–	redhatcve
VulnCheck KEV	VulnCheck KEV: CVE-2025-34054	22 Oct 202000:00	–	vulncheck_kev
Vulnrichment	CVE-2025-34054 AVTECH IP camera, DVR, and NVR Devices Unauthenticated Command Injection	1 Jul 202514:46	–	vulnrichment

[
  {
    "defaultStatus": "unaffected",
    "modules": [
      "Search.cgi",
      "username parameter",
      "queryb64str"
    ],
    "product": "IP camera, DVR, and NVR Devices",
    "vendor": "AVTECH",
    "versions": [
      {
        "status": "affected",
        "version": "1008-1002-1005-1000"
      },
      {
        "status": "affected",
        "version": "1009-1003-1006-1001"
      },
      {
        "status": "affected",
        "version": "1009Y-1003Y-1006Y-1001Y"
      },
      {
        "status": "affected",
        "version": "1010-1004-1007-1001"
      },
      {
        "status": "affected",
        "version": "1011-1005-1008-1002"
      },
      {
        "status": "affected",
        "version": "1014-1005-1009-1002"
      },
      {
        "status": "affected",
        "version": "1015-1006-1010-1003"
      },
      {
        "status": "affected",
        "version": "1016-1007-1011-1003"
      },
      {
        "status": "affected",
        "version": "1017-1008-1012-1002"
      },
      {
        "status": "affected",
        "version": "1017Y-1008Y-1012Y-1002Y"
      },
      {
        "status": "affected",
        "version": "1018-1008-1012-1004"
      },
      {
        "status": "affected",
        "version": "1019-1009-1013-1003"
      },
      {
        "status": "affected",
        "version": "1019c-1012c-1014c-1001c-FFFF"
      },
      {
        "status": "affected",
        "version": "1022-1014-1016-1002-FFFF"
      },
      {
        "status": "affected",
        "version": "1022Y-1014Y-1016Y-1002Y-FFFF"
      },
      {
        "status": "affected",
        "version": "1023-1014-1017-1002-FFFF"
      }
    ]
  }
]

Source	Link
web	www.web.archive.org/web/20240810225729/https://www.search-lab.hu/advisories/126-AVTech-devices-multiple-vulnerabilities
avtech	www.avtech.com/
exploit-db	www.exploit-db.com/exploits/40500
web	www.web.archive.org/web/20161029201749/https://github.com/ebux/AVTECH
vulncheck	www.vulncheck.com/advisories/avtech-ipcamera-nvr-dvr-mulitple-vulns

07 Apr 2026 14:09Current

CVSS 410

EPSS0.02298

CWE-78