AVTECH IP camera、AVTECH DVR和AVTECH NVR 安全漏洞

AVTECH IP camera and others are products of AVTECH Corporation, USA.AVTECH IP camera is a series of network security cameras.AVTECH DVR is a digital video recording host.AVTECH NVR is a network video recorder. A security vulnerability exists in AVTECH IP camera, AVTECH DVR, and AVTECH NVR, which...

AVTECH IP camera、AVTECH DVR和AVTECH NVR 安全漏洞

AVTECH IP camera and others are products of AVTECH Corporation, USA.AVTECH IP camera is a series of network security cameras.AVTECH DVR is a digital video recording host.AVTECH NVR is a network video recorder. A security vulnerability exists in AVTECH IP camera, AVTECH DVR, and AVTECH NVR that...

PT-2025-27540 · Avtech · Avtech Dvr +2

Name of the Vulnerable Software and Affected Versions: AVTECH IP camera, DVR, and NVR devices affected versions not specified Description: An OS command injection issue exists in the devices via the "PwdGrp.cgi" endpoint, which handles user and group management operations. Authenticated users can...

PT-2025-27545 · Avtech +1 · Avtech Ip Cameras +3

Name of the Vulnerable Software and Affected Versions: AVTECH IP cameras, DVRs, and NVRs affected versions not specified Description: An improper certificate validation issue exists due to the use of wget with --no-check-certificate in scripts like SyncCloudAccount.sh and SyncPermit.sh. This...

PT-2025-27539 · Avtech · Avtech Dvr +2

Name of the Vulnerable Software and Affected Versions: AVTECH DVR, NVR, and IP camera devices affected versions not specified Description: An OS command injection issue exists within the "adcommand.cgi" endpoint, which interfaces with the ActionD daemon. Authenticated users can invoke the...

PT-2025-27538

Name of the Vulnerable Software and Affected Versions: AVTECH DVR devices affected versions not specified Description: An unauthenticated command injection issue exists in AVTECH DVR devices. This is due to the lack of input sanitization when using wget in the "Search.cgi?action=cgi query"...

PT-2025-27534 · Avtech · Avtech Dvr +2

Name of the Vulnerable Software and Affected Versions: AVTECH IP camera, DVR, and NVR devices affected versions not specified Description: A cross-site request forgery CSRF issue exists in the web interface of the devices. An attacker can craft malicious requests that, when executed in the contex...

PT-2025-27535 · Avtech · Avtech Dvr

Name of the Vulnerable Software and Affected Versions: AVTECH DVR devices affected versions not specified Description: A server-side request forgery issue exists in AVTECH DVR devices, exposing the "/cgi-bin/nobody/Search.cgi?action=cgi query" endpoint without authentication. An attacker can...

PT-2025-27544 · Avtech · Avtech Dvr +2

Name of the Vulnerable Software and Affected Versions: AVTECH IP camera, DVR, and NVR devices affected versions not specified Description: An authentication bypass issue exists in the streamd web server of AVTECH devices. The strstr function allows unauthenticated access to any request containing...

PT-2025-27536 · Avtech · Avtech Ip Cameras +2

Name of the Vulnerable Software and Affected Versions: AVTECH IP cameras, DVRs, and NVRs affected versions not specified Description: An unauthenticated information disclosure issue exists, allowing access to sensitive internal device information such as firmware version, MAC address, and codec...

PT-2025-27537 · Avtech · Avtech Dvr +2

Name of the Vulnerable Software and Affected Versions: AVTECH IP camera, DVR, and NVR devices affected versions not specified Description: An authentication bypass issue exists in the streamd web server of AVTECH devices. The strstr function is used to identify ".cab" requests, allowing any URL...

PT-2025-48815

Name of the Vulnerable Software and Affected Versions AVTECH SECURITY Corporation DGM1104 FullImg-1015-1004-1006-1003 Description The software contains an authenticated command injection flaw within the test mail function. An attacker can execute arbitrary commands by providing a specially crafte...

PT-2025-48820

Name of the Vulnerable Software and Affected Versions AVTECH SECURITY Corporation DGM1104 FullImg-1015-1004-1006-1003 Description The AVTECH SECURITY Corporation DGM1104 FullImg-1015-1004-1006-1003 device contains an authenticated command injection issue within the SMB server function. This allow...

CVE-2013-4982

AVTECH AVN801 DVR has a security bypass via the administration login captcha...

CVE-2019-13379

On AVTECH Room Alert 3E devices before 2.2.5, an attacker with access to the device's web interface may escalate privileges from an unauthenticated user to administrator by performing a cmd.cgi?action=ResetDefaults=RA reset and using the default credentials to get in...

CVE-2008-3939

Directory traversal vulnerability in the web interface in AVTECH PageR Enterprise before 5.0.7 allows remote attackers to read arbitrary files via directory traversal sequences in the URI...

CVE-2024-33470

An issue in the SMTP Email Settings of AVTECH Room Alert 4E v4.4.0 allows attackers to gain access to credentials in plaintext via a passback attack. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...

CVE-2024-33471

An issue in the Sensor Settings of AVTECH Room Alert 4E v4.4.0 allows attackers to gain access to SMTP credentials in plaintext via a crafted AJAX request. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...

New Mirai Variant Murdoc_Botnet Launches DDoS Attacks via IoT Exploits

This article explores the recent campaign of MurdocBotnet, a malware variant of Mirai targeting vulnerable AVTECH and Huawei…...

Mass Campaign of Murdoc Botnet Mirai: A New Variant of Corona Mirai

The Qualys Threat Research Unit has uncovered a large-scale, ongoing operation within the Mirai campaign, dubbed Murdoc Botnet. This variant exploits vulnerabilities targeting AVTECH Cameras and Huawei HG532 routers. It demonstrates enhanced capabilities, exploiting vulnerabilities to compromise...