EUVD-2025-19641

Malicious code in bioql PyPI...

CVE-2025-34055 AVTECH IP camera, DVR, and NVR Devices Authenticated Root Command Execution

An OS command injection vulnerability exists in AVTECH DVR, NVR, and IP camera devices within the adcommand.cgi endpoint, which interfaces with the ActionD daemon. Authenticated users can invoke the DoShellCmd operation, passing arbitrary input via the strCmd parameter. This input is executed...

CVE-2025-34050 AVTECH IP Camera, DVR, and NVR Devices Cross-Site Request Forgery

A cross-site request forgery CSRF vulnerability exists in the web interface of AVTECH IP camera, DVR, and NVR devices. An attacker can craft malicious requests that, when executed in the context of an authenticated user’s browser session, allow unauthorized changes to the device configuration...

AVTECH Device Detection (HTTP)

HTTP based detection of AVTECH devices SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.809066";...

Login CAPTCHA Bypass Vulnerability in AVTECH Device Login Parameter

AVTECH, founded in 1996, is one of the world's leading CCTV manufacturers. The main products are surveillance equipment, network cameras, network video recorders and so on. There is a login authentication code bypass vulnerability in the login parameter of AVTECH devices. When the login request...

Server Side Request Forgery (SSRF) Vulnerability in AVTECH DVRs

AVTECH, founded in 1996, is one of the world's leading CCTV manufacturers. The main products are surveillance equipment, network cameras, network video recorders and so on. AVTECH DVR suffers from a server-side request forgery SSRF vulnerability. search.cgi provides search and access services for...