CVE-2025-34066 AVTECH IP camera, DVR, and NVR Devices Unauthenticated Information Disclosure

An improper certificate validation vulnerability exists in AVTECH IP cameras, DVRs, and NVRs due to the use of wget with --no-check-certificate in scripts like SyncCloudAccount.sh and SyncPermit.sh. This exposes HTTPS communications to man-in-the-middle MITM attacks...

CVE-2025-34056 AVTECH IP camera, DVR, and NVR Devices Authenticated Root Command Execution

An OS command injection vulnerability exists in AVTECH IP camera, DVR, and NVR devices via the PwdGrp.cgi endpoint, which handles user and group management operations. Authenticated users can supply input through the pwd or grp parameters, which are directly embedded into system commands without...

CVE-2025-34056 AVTECH IP camera, DVR, and NVR Devices Authenticated Root Command Execution

An OS command injection vulnerability exists in AVTECH IP camera, DVR, and NVR devices via the PwdGrp.cgi endpoint, which handles user and group management operations. Authenticated users can supply input through the pwd or grp parameters, which are directly embedded into system commands without...

CVE-2025-34055

The CVE-2025-34055 issue affects AVTECH AVTECH IP cameras, DVRs, and NVRs exposing the adcommand.cgi endpoint that talks to the ActionD daemon. Authenticated users can call DoShellCmd and pass arbitrary input via strCmd; this input is executed by the system shell without sanitation, allowing comm...

PT-2025-27534 · Avtech · Avtech Dvr +2

Name of the Vulnerable Software and Affected Versions: AVTECH IP camera, DVR, and NVR devices affected versions not specified Description: A cross-site request forgery CSRF issue exists in the web interface of the devices. An attacker can craft malicious requests that, when executed in the contex...