Lucene search
K

242 matches found

Vulnrichment
Vulnrichment
added 2025/07/01 2:46 p.m.5 views

CVE-2025-34055 AVTECH IP camera, DVR, and NVR Devices Authenticated Root Command Execution

An OS command injection vulnerability exists in AVTECH DVR, NVR, and IP camera devices within the adcommand.cgi endpoint, which interfaces with the ActionD daemon. Authenticated users can invoke the DoShellCmd operation, passing arbitrary input via the strCmd parameter. This input is executed...

9.4CVSS8.3AI score0.01531EPSS
Exploits0References5
CVE
CVE
added 2025/07/01 2:46 p.m.22 views

CVE-2025-34055

The CVE-2025-34055 issue affects AVTECH AVTECH IP cameras, DVRs, and NVRs exposing the adcommand.cgi endpoint that talks to the ActionD daemon. Authenticated users can call DoShellCmd and pass arbitrary input via strCmd; this input is executed by the system shell without sanitation, allowing comm...

9.4CVSS7.7AI score0.01531EPSS
Exploits0References5
Cvelist
Cvelist
added 2025/07/01 2:46 p.m.13 views

CVE-2025-34054 AVTECH IP camera, DVR, and NVR Devices Unauthenticated Command Injection

An unauthenticated command injection vulnerability exists in AVTECH DVR devices via Search.cgi?action=cgiquery. The use of wget without input sanitization allows attackers to inject shell commands through the username or queryb64str parameters, executing commands as root. Exploitation evidence wa...

10CVSS0.02709EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2025/07/01 2:46 p.m.3 views

CVE-2025-34054 AVTECH IP camera, DVR, and NVR Devices Unauthenticated Command Injection

An unauthenticated command injection vulnerability exists in AVTECH DVR devices via Search.cgi?action=cgiquery. The use of wget without input sanitization allows attackers to inject shell commands through the username or queryb64str parameters, executing commands as root. Exploitation evidence wa...

10CVSS7.3AI score0.02709EPSS
Exploits0References5
CVE
CVE
added 2025/07/01 2:46 p.m.51 views

CVE-2025-34054

AVTECH DVR devices are affected by CVE-2025-34054, an unauthenticated command injection via Search.cgi?action=cgi_query. The vulnerability stems from using wget without input sanitization, allowing an attacker to inject shell commands through the username or queryb64str parameters and execute the...

10CVSS7.3AI score0.02709EPSS
In wildExploits0References5
Cvelist
Cvelist
added 2025/07/01 2:45 p.m.8 views

CVE-2025-34053 AVTECH IP camera, DVR, and NVR Devices Authentication Bypass via .cab Path Manipulation

An authentication bypass vulnerability exists in AVTECH IP camera, DVR, and NVR devices’ streamd web server. The strstr function is used to identify ".cab" requests, allowing any URL containing ".cab" to bypass authentication and access protected endpoints...

6.9CVSS0.0055EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2025/07/01 2:45 p.m.3 views

CVE-2025-34053 AVTECH IP camera, DVR, and NVR Devices Authentication Bypass via .cab Path Manipulation

An authentication bypass vulnerability exists in AVTECH IP camera, DVR, and NVR devices’ streamd web server. The strstr function is used to identify ".cab" requests, allowing any URL containing ".cab" to bypass authentication and access protected endpoints...

6.9CVSS7.4AI score0.0055EPSS
Exploits0References5
CVE
CVE
added 2025/07/01 2:45 p.m.27 views

CVE-2025-34053

CVE-2025-34053 affects AVTECH IP cameras, DVRs, and NVRs and stems from the streamd web server. The root cause is misuse of strstr to identify ".cab" requests, allowing any URL containing ".cab" to bypass authentication and access protected endpoints. The CVE’s published metrics indicate a CVSSv4...

6.9CVSS6.8AI score0.0055EPSS
Exploits0References5
Cvelist
Cvelist
added 2025/07/01 2:44 p.m.8 views

CVE-2025-34052

...

Exploits0
Vulnrichment
Vulnrichment
added 2025/07/01 2:44 p.m.2 views

CVE-2025-34052

...

6.5AI score
Exploits0
CVE
CVE
added 2025/07/01 2:44 p.m.20 views

CVE-2025-34052

The CVE concerns AVTECH IP cameras, DVRs, and NVRs where an unauthenticated request to Machine.cgi?action=get_capability exposes internal device details (firmware version, MAC address, supported codecs). This is an unauthenticated information-disclosure issue, enabling fingerprinting/Discovery bu...

6.4AI score
Exploits0
Cvelist
Cvelist
added 2025/07/01 2:44 p.m.16 views

CVE-2025-34051 AVTECH DVR Devices Server-Side Request Forgery

A server-side request forgery vulnerability exists in multiple firmware versions of AVTECH DVR devices that exposes the /cgi-bin/nobody/Search.cgi?action=cgiquery endpoint without authentication. An attacker can manipulate the ip, port, and queryb64str parameters to make arbitrary HTTP requests...

6.9CVSS0.0051EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2025/07/01 2:44 p.m.5 views

CVE-2025-34051 AVTECH DVR Devices Server-Side Request Forgery

A server-side request forgery vulnerability exists in multiple firmware versions of AVTECH DVR devices that exposes the /cgi-bin/nobody/Search.cgi?action=cgiquery endpoint without authentication. An attacker can manipulate the ip, port, and queryb64str parameters to make arbitrary HTTP requests...

6.9CVSS6.8AI score0.0051EPSS
Exploits0References5
CVE
CVE
added 2025/07/01 2:44 p.m.22 views

CVE-2025-34051

CVE-2025-34051 describes a server-side request forgery in AVTECH DVR devices. The unauthenticated vulnerability targets /cgi-bin/nobody/Search.cgi?action=cgi_query and lets an attacker supply ip, port, and queryb64str to force the DVR to perform arbitrary HTTP requests, potentially leaking data o...

6.9CVSS6.8AI score0.0051EPSS
Exploits0References5
Cvelist
Cvelist
added 2025/07/01 2:42 p.m.8 views

CVE-2025-34050 AVTECH IP Camera, DVR, and NVR Devices Cross-Site Request Forgery

A cross-site request forgery CSRF vulnerability exists in the web interface of AVTECH IP camera, DVR, and NVR devices. An attacker can craft malicious requests that, when executed in the context of an authenticated user’s browser session, allow unauthorized changes to the device configuration...

5.1CVSS0.00246EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2025/07/01 2:42 p.m.4 views

CVE-2025-34050 AVTECH IP Camera, DVR, and NVR Devices Cross-Site Request Forgery

A cross-site request forgery CSRF vulnerability exists in the web interface of AVTECH IP camera, DVR, and NVR devices. An attacker can craft malicious requests that, when executed in the context of an authenticated user’s browser session, allow unauthorized changes to the device configuration...

5.1CVSS7.1AI score0.00246EPSS
Exploits0References5
CVE
CVE
added 2025/07/01 2:42 p.m.25 views

CVE-2025-34050

Technical details about affected products/versions and fixes are not publicly available in the provided connected documents. Monitor for updates.

5.1CVSS6.5AI score0.00246EPSS
Exploits0References5
CNNVD
CNNVD
added 2025/07/01 12:0 a.m.2 views

AVTECH IP camera、AVTECH DVR和AVTECH NVR 安全漏洞

AVTECH IP camera and others are products of AVTECH Corporation, USA.AVTECH IP camera is a series of network security cameras.AVTECH DVR is a digital video recording host.AVTECH NVR is a network video recorder. A security vulnerability exists in AVTECH IP camera, AVTECH DVR and AVTECH NVR that...

6.9CVSS6.7AI score0.00538EPSS
Exploits0References8
CNNVD
CNNVD
added 2025/07/01 12:0 a.m.4 views

AVTECH IP camera、AVTECH DVR和AVTECH NVR 安全漏洞

AVTECH IP camera and others are products of AVTECH Corporation, U.S.A. AVTECH IP camera is a series of network security cameras.AVTECH DVR is a digital video recording host.AVTECH NVR is a network video recorder. A security vulnerability exists in AVTECH IP camera, AVTECH DVR, and AVTECH NVR that...

8.3CVSS6.7AI score0.00269EPSS
Exploits0References8
CNNVD
CNNVD
added 2025/07/01 12:0 a.m.3 views

AVTECH IP camera、AVTECH DVR和AVTECH NVR 安全漏洞

AVTECH IP camera and others are products of AVTECH Corporation, USA.AVTECH IP camera is a series of network security cameras.AVTECH DVR is a digital video recording host.AVTECH NVR is a network video recorder. A security vulnerability exists in AVTECH IP camera, AVTECH DVR and AVTECH NVR that...

6.9CVSS6.7AI score0.0055EPSS
Exploits0References8
Rows per page
Query Builder