AVTech Web Interface Detection

Binary data avtechdetect.nbin...

AVTech Multiple Vulnerabilities

The remote AVTech device is affected by multiple vulnerabilities. Depending on the firmware version the vulnerabilities may include: - All user passwords are stored in cleartext - The web interface does not use CSRF protections - An attacker is able to perform arbitrary HTTP requests through the...

‘IOTroop’ Botnet Could Dwarf Mirai in Size and Devastation, Says Researcher

A botnet, which is adding new bots every day, has already infected one million businesses during the past month and could easily eclipse the size and devastation caused by Mirai. The malware and botnet, dubbed IOTroop, was spotted in September by researchers at Check Point who warn that 60 percen...

AVTECH Devices Multiple Vulnerabilities (CVE-2013-4980; CVE-2013-4981; CVE-2013-4982)

Multiple vulnerabilities exist in AVTECH devices. An attacker could exploit this vulnerability via direct requests. Successful exploitation of this vulnerability could allow a remote attacker to gain access to the devices...

VulnCheck KEV: CVE-2016-15047

AVTECH devices that include the CloudSetup.cgi management endpoint are vulnerable to authenticated OS command injection. The exefile parameter in CloudSetup.cgi is passed to the underlying system command execution without proper validation or whitelisting. An authenticated attacker who can...

AVTECH monitoring product without the need to login to SSRF vulnerability

In the DVR device, Search. the cgi can be accessed directly, Search. cgi is responsible for search and access to the local network of the camera, Search. cgi provides cgiquery function, by setting ip, port and queryb64str three parameters can achieve direct access to the local network of the...

AVTECH monitoring products information disclosure vulnerability

Due to/cgi-bin/nobody directory of the CGI script file run permissions set unreasonable, resulting in not certified the case directly to run this type of vulnerability has been in the plurality of devices appears, FEI news K1 is because the cgi file to perform the access restrictions unreasonable...

AVTECH Device Detection (HTTP)

HTTP based detection of AVTECH devices SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.809066";...

AVTECH Devices Multiple Vulnerabilities

AVTECH devices IP camera/NVR/DVR are prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

AVTECH devices are vulnerable to plaintext storage of passwords

AVTECH, founded in 1996, is one of the world's leading CCTV manufacturers. The main products are surveillance equipment, network cameras, network video recorders and so on. A vulnerability exists in AVTECH devices that store passwords in clear text. An attacker exploiting the vulnerability could...

Unauthorized Information Disclosure Vulnerability in AVTECH Devices

AVTECH, founded in 1996, is one of the world's leading CCTV manufacturers. The main products are surveillance equipment, network cameras, network video recorders and so on. An unauthorized information disclosure vulnerability exists in AVTECH devices. Due to the cgi-bin/ directory is not set with...

Server Side Request Forgery (SSRF) Vulnerability in AVTECH DVRs

AVTECH, founded in 1996, is one of the world's leading CCTV manufacturers. The main products are surveillance equipment, network cameras, network video recorders and so on. AVTECH DVR suffers from a server-side request forgery SSRF vulnerability. search.cgi provides search and access services for...

Command Injection Vulnerability in AVTECH DVRs

AVTECH, founded in 1996, is one of the world's leading CCTV manufacturers. The main products are surveillance equipment, network cameras, network video recorders and so on. A command injection vulnerability exists in AVTECH DVR. Because the interface query function does not filter and validate th...

Login CAPTCHA Bypass Vulnerability in AVTECH Device Login Parameter

AVTECH, founded in 1996, is one of the world's leading CCTV manufacturers. The main products are surveillance equipment, network cameras, network video recorders and so on. There is a login authentication code bypass vulnerability in the login parameter of AVTECH devices. When the login request...

File Download Vulnerability in AVTECH Devices

AVTECH, founded in 1996, is one of the world's leading CCTV manufacturers. The main products are surveillance equipment, network cameras, network video recorders and so on. A file download vulnerability exists in AVTECH devices. As the cab file request authenticated by the streamd web server is t...

Authentication Command Injection Vulnerability in CloudSetup.cgi for AVTECH Devices

AVTECH, founded in 1996, is one of the world's leading CCTV manufacturers. The main products are surveillance equipment, network cameras, network video recorders and so on. An authenticated command injection vulnerability exists in the AVTECH device CloudSetup.cgi. The exefile parameter requested...

Login CAPTCHA Bypass Vulnerability in AVTECH Device Cookies

AVTECH, founded in 1996, is one of the world's leading CCTV manufacturers. The main products are surveillance equipment, network cameras, network video recorders and so on. AVTECH device cookie has login authentication code bypass vulnerability.AVTECH device use base64 encoded username and passwo...

Authentication Command Injection Vulnerability in adcommand.cgi for AVTECH Devices

AVTECH, founded in 1996, is one of the world's leading CCTV manufacturers. The main products are surveillance equipment, network cameras, network video recorders and so on. An authenticated command injection vulnerability exists in the AVTECH device adcommand.cgi.Avtech devices contain the...

Authentication Command Injection Vulnerability in PwdGrp.cgi for AVTECH Devices

AVTECH, founded in 1996, is one of the world's leading CCTV manufacturers. The main products are surveillance equipment, network cameras, network video recorders and so on. An authentication command injection vulnerability exists in AVTECH device PwdGrp.cgi. The PwdGrp.cgi script can be used to...

HTTPS Protocol Certificate Validation Vulnerability in AVTECH Devices

AVTECH, founded in 1996, is one of the world's leading CCTV manufacturers. The main products are surveillance equipment, network cameras, network video recorders and so on. AVTECH devices are vulnerable to HTTPS protocol certificate validation vulnerability. SyncCloudAccount.sh, QueryFromClient.s...