13 matches found

EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2025-19642

Malicious code in bioql PyPI...

9.4 CVSS | 6.6 AI score | 0.02039 EPSS
Exploits: 0 | References: 5

RedhatCVE
added 2025/07/03 3:23 p.m. | 6 views

CVE-2025-34056

An OS command injection vulnerability exists in AVTECH IP camera, DVR, and NVR devices via the PwdGrp.cgi endpoint, which handles user and group management operations. Authenticated users can supply input through the pwd or grp parameters, which are directly embedded into system commands without...

9.4 CVSS | 8.3 AI score | 0.02039 EPSS
Exploits: 0 | References: 1

RedhatCVE
added 2025/07/03 3:22 p.m. | 7 views

CVE-2025-34053

An authentication bypass vulnerability exists in AVTECH IP camera, DVR, and NVR devices’ streamd web server. The strstr function is used to identify ".cab" requests, allowing any URL containing ".cab" to bypass authentication and access protected endpoints...

6.9 CVSS | 7.5 AI score | 0.00398 EPSS
Exploits: 0 | References: 1

Vulnrichment
added 2025/07/01 2:47 p.m. | 2 views

CVE-2025-34066 AVTECH IP camera, DVR, and NVR Devices Unauthenticated Information Disclosure

An improper certificate validation vulnerability exists in AVTECH IP cameras, DVRs, and NVRs due to the use of wget with --no-check-certificate in scripts like SyncCloudAccount.sh and SyncPermit.sh. This exposes HTTPS communications to man-in-the-middle (MITM) attacks...

8.3 CVSS | 7 AI score | 0.00234 EPSS
Exploits: 0 | References: 5

CVE
added 2025/07/01 2:46 p.m. | 15 views

CVE-2025-34056

CVE-2025-34056 affects AVTECH IP camera, DVR, and NVR devices. The vulnerability is an OS command injection in the PwdGrp.cgi endpoint that manages users/groups. Authenticated users can pass input via the pwd or grp parameters, which are embedded into system commands without proper sanitization, ...

9.4 CVSS | 7.7 AI score | 0.02039 EPSS
Exploits: 0 | References: 5

CVE
added 2025/07/01 2:45 p.m. | 18 views

CVE-2025-34053

CVE-2025-34053 affects AVTECH IP cameras, DVRs, and NVRs and stems from the streamd web server. The root cause is misuse of strstr to identify ".cab" requests, allowing any URL containing ".cab" to bypass authentication and access protected endpoints. The CVE’s published metrics indicate a CVSSv4...

6.9 CVSS | 6.8 AI score | 0.00398 EPSS
Exploits: 0 | References: 5

Cvelist
added 2025/07/01 2:44 p.m. | 5 views

CVE-2025-34052

...

Exploits: 0

CVE
added 2025/07/01 2:44 p.m. | 11 views

CVE-2025-34052

The CVE concerns AVTECH IP cameras, DVRs, and NVRs where an unauthenticated request to Machine.cgi?action=get_capability exposes internal device details (firmware version, MAC address, supported codecs). This is an unauthenticated information-disclosure issue, enabling fingerprinting/Discovery bu...

6.4 AI score
Exploits: 0

The Hacker News
added 2024/08/29 11:5 a.m. | 55 views

Unpatched AVTECH IP Camera Flaw Exploited by Hackers for Botnet Attacks

A years-old high-severity flaw impacting AVTECH IP cameras has been weaponized by malicious actors as a zero-day to rope them into a botnet. CVE-2024-7029 (CVSS score: 8.7), the vulnerability in question, is a "command injection vulnerability found in the brightness function of AVTECH closed-circui...

10 CVSS | 9.1 AI score | 0.94031 EPSS
Exploits: 13

CNNVD
added 2024/08/02 12:0 a.m. | 4 views

AVTECH IP camera command injection vulnerability

AVTECH IP camera is a series of network security cameras from AVTECH. AVTECH IP camera suffers from a command injection vulnerability that originates from commands that can be injected over the network and executed without authentication...

9.8 CVSS | 9.7 AI score | 0.92967 EPSS
Exploits: 5 | References: 3

ATTACKERKB
added 2024/08/02 12:0 a.m. | 281 views

CVE-2024-7029

Commands can be injected over the network and executed without authentication. Recent assessments: ccondon-r7 at September 17, 2024 11:39pm UTC reported: TL;DR: Unpatched command injection vulnerability in an end-of-life IP camera, being exploited to drop a Mirai botnet malware variant. Public Po...

9.8 CVSS | 9.3 AI score | 0.92967 EPSS
In wild | Exploits: 5 | References: 3

CISA
added 2024/08/01 12:0 p.m. | 3 views

CISA Releases Nine Industrial Control Systems Advisories

CISA released nine Industrial Control Systems (ICS) advisories on August 1, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-214-01 Johnson Controls exacqVision Client and exacqVision Server ICSA-24-214-02 Johnso...

7 AI score
Exploits: 0 | References: 9

OpenVAS
added 2019/02/05 12:0 a.m. | 158 views

Avtech IP Camera Default Credentials (HTTP)

The remote installation of Avtech SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description) { script_oid("1.3.6.1.4.1.25623.1.0.114064");...

7.5 AI score
Exploits: 0 | References: 1