Lucene search
K

955 matches found

RedhatCVE
RedhatCVE
added 2025/07/03 3:22 p.m.16 views

CVE-2025-34053

An authentication bypass vulnerability exists in AVTECH IP camera, DVR, and NVR devices’ streamd web server. The strstr function is used to identify ".cab" requests, allowing any URL containing ".cab" to bypass authentication and access protected endpoints...

6.9CVSS7.5AI score0.0055EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/07/01 2:47 p.m.5 views

CVE-2025-34066 AVTECH IP camera, DVR, and NVR Devices Unauthenticated Information Disclosure

An improper certificate validation vulnerability exists in AVTECH IP cameras, DVRs, and NVRs due to the use of wget with --no-check-certificate in scripts like SyncCloudAccount.sh and SyncPermit.sh. This exposes HTTPS communications to man-in-the-middle MITM attacks...

8.3CVSS7AI score0.00269EPSS
Exploits0References5
CVE
CVE
added 2025/07/01 2:46 p.m.27 views

CVE-2025-34056

CVE-2025-34056 affects AVTECH IP camera, DVR, and NVR devices. The vulnerability is an OS command injection in the PwdGrp.cgi endpoint that manages users/groups. Authenticated users can pass input via the pwd or grp parameters, which are embedded into system commands without proper sanitization, ...

9.4CVSS7.7AI score0.01802EPSS
Exploits0References5
Cvelist
Cvelist
added 2025/07/01 2:46 p.m.14 views

CVE-2025-34055 AVTECH IP camera, DVR, and NVR Devices Authenticated Root Command Execution

An OS command injection vulnerability exists in AVTECH DVR, NVR, and IP camera devices within the adcommand.cgi endpoint, which interfaces with the ActionD daemon. Authenticated users can invoke the DoShellCmd operation, passing arbitrary input via the strCmd parameter. This input is executed...

9.4CVSS0.01531EPSS
Exploits0References5
CVE
CVE
added 2025/07/01 2:45 p.m.29 views

CVE-2025-34053

CVE-2025-34053 affects AVTECH IP cameras, DVRs, and NVRs and stems from the streamd web server. The root cause is misuse of strstr to identify ".cab" requests, allowing any URL containing ".cab" to bypass authentication and access protected endpoints. The CVE’s published metrics indicate a CVSSv4...

6.9CVSS6.8AI score0.0055EPSS
Exploits0References5
CVE
CVE
added 2025/07/01 2:44 p.m.20 views

CVE-2025-34052

The CVE concerns AVTECH IP cameras, DVRs, and NVRs where an unauthenticated request to Machine.cgi?action=get_capability exposes internal device details (firmware version, MAC address, supported codecs). This is an unauthenticated information-disclosure issue, enabling fingerprinting/Discovery bu...

6.4AI score
Exploits0
Cvelist
Cvelist
added 2025/07/01 2:44 p.m.9 views

CVE-2025-34052

...

Exploits0
OpenVAS
OpenVAS
added 2025/06/27 12:0 a.m.12 views

D-Link Multiple DCS IP Camera Devices Multiple Vulnerabilities (SAP10247)

Multiple D-Link DCS IP camera devices are prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS7.8AI score0.09972EPSS
Exploits8References10
NVD
NVD
added 2025/06/26 4:15 p.m.15 views

CVE-2025-34042

An authenticated command injection vulnerability exists in the Beward N100 IP Camera firmware version M2.1.6.04C014 via the ServerName and TimeZone parameters in the servetest CGI page. An attacker with access to the web interface can inject arbitrary system commands into these parameters, which...

9.4CVSS0.01763EPSS
Exploits1References7
CVE
CVE
added 2025/06/26 3:51 p.m.33 views

CVE-2025-34042

CVE-2025-34042 describes an authenticated command-injection vulnerability in Beward N100 IP Camera firmware version M2.1.6.04C014. The issue stems from unsafely embedded ServerName and TimeZone parameters in the servetest CGI page, allowing an authenticated attacker with web-interface access to i...

9.4CVSS8.2AI score0.01763EPSS
In wildExploits1References7
Cvelist
Cvelist
added 2025/06/26 3:51 p.m.12 views

CVE-2025-34042 Beward N100 IP Camera Remote Command Execution

An authenticated command injection vulnerability exists in the Beward N100 IP Camera firmware version M2.1.6.04C014 via the ServerName and TimeZone parameters in the servetest CGI page. An attacker with access to the web interface can inject arbitrary system commands into these parameters, which...

9.4CVSS0.01763EPSS
Exploits1References7
Vulnrichment
Vulnrichment
added 2025/06/26 3:51 p.m.6 views

CVE-2025-34042 Beward N100 IP Camera Remote Command Execution

An authenticated command injection vulnerability exists in the Beward N100 IP Camera firmware version M2.1.6.04C014 via the ServerName and TimeZone parameters in the servetest CGI page. An attacker with access to the web interface can inject arbitrary system commands into these parameters, which...

9.4CVSS8.2AI score0.01763EPSS
Exploits1References7
Positive Technologies
Positive Technologies
added 2025/06/26 12:0 a.m.8 views

PT-2025-26991

Name of the Vulnerable Software and Affected Versions: Beward N100 IP Camera version M2.1.6.04C014 Description: An authenticated command injection issue exists via the ServerName and TimeZone parameters in the "servetest" CGI page. An attacker with web interface access can inject arbitrary system...

9.4CVSS8.1AI score0.01763EPSS
Exploits1References13
CNNVD
CNNVD
added 2025/06/26 12:0 a.m.5 views

Beward N100 IP Camera 安全漏洞

Beward N100 IP Camera is an open source camera from Beward, Russia. A security vulnerability exists in Beward N100 IP Camera version M2.1.6.04C014, which is caused by incorrect manipulation of the ServerName and TimeZone parameters in the servetest CGI page, resulting in a command injection attac...

9.4CVSS7.1AI score0.01763EPSS
Exploits1References8
RedhatCVE
RedhatCVE
added 2025/06/25 12:53 a.m.7 views

CVE-2023-48978

An issue in NCR ITM Web terminal v.4.4.0 and v.4.4.4 allows a remote attacker to execute arbitrary code via a crafted script to the IP camera URL component...

9.8CVSS8.1AI score0.00903EPSS
Exploits1References1
NVD
NVD
added 2025/06/23 3:15 p.m.6 views

CVE-2023-48978

An issue in NCR ITM Web terminal v.4.4.0 and v.4.4.4 allows a remote attacker to execute arbitrary code via a crafted script to the IP camera URL component...

9.8CVSS0.00903EPSS
Exploits1References2
OSV
OSV
added 2025/06/23 3:15 p.m.4 views

CVE-2023-48978

An issue in NCR ITM Web terminal v.4.4.0 and v.4.4.4 allows a remote attacker to execute arbitrary code via a crafted script to the IP camera URL component...

9.8CVSS6.1AI score0.00903EPSS
Exploits1References2
Cvelist
Cvelist
added 2025/06/23 12:0 a.m.12 views

CVE-2023-48978

An issue in NCR ITM Web terminal v.4.4.0 and v.4.4.4 allows a remote attacker to execute arbitrary code via a crafted script to the IP camera URL component...

0.00903EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2025/06/23 12:0 a.m.3 views

CVE-2023-48978

An issue in NCR ITM Web terminal v.4.4.0 and v.4.4.4 allows a remote attacker to execute arbitrary code via a crafted script to the IP camera URL component...

8AI score0.00903EPSS
Exploits1References2
CVE
CVE
added 2025/06/23 12:0 a.m.27 views

CVE-2023-48978

CVE-2023-48978 affects NCR ITM Web terminal versions 4.4.0 and 4.4.4. The root cause is improper handling of specially crafted scripts by the IP camera URL component, enabling a remote attacker to execute arbitrary code. The CVSS-3.1 score is 9.8 (CRITICAL) with NETWORK attack vector, no privileg...

9.8CVSS7.5AI score0.00903EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder