242 matches found
AVTECH {DVR/NVR/IPC} IPCP API RCE
#!/usr/bin/env python2.7 SOF Subject: AVTECH DVR/NVR/IPC IPCP API admin l/p, RCE 2018 bashis Attack vector: Remote Authentication: Anonymous no credentials needed Researcher: bashis March 2018 Authenticated Reverse Shell; Using admin l/p that we can retrieve with unauthenticated and undocumented...
AVTECH Remote Command Execution Vulnerability in Multiple Products
AVTECH is a Taiwanese manufacturer of video surveillance equipment. The main products are surveillance equipment, network cameras, network video recorders and so on. A remote command execution vulnerability exists in AVTECH DVR/NVR/IPC devices. An attacker can exploit the vulnerability to perform...
AVTECH {DVR/NVR/IPC} Authenticated RCE
#!/usr/bin/env python2.7 SOF Subject: AVTECH DVR/NVR/IPC Authenticated RCE 2018 bashis Attack vector: Remote Authentication: Authenticated Credentials needed Researcher: bashis March 2018 http://www.avtech.com.tw/ """ $./AVTECH-RCE.py --rhost 192.168.57.20 --rport 80 --lhost 192.168.57.1 --lport...
AVTech Web Interface Detection
Binary data avtechdetect.nbin...
AVTech Multiple Vulnerabilities
The remote AVTech device is affected by multiple vulnerabilities. Depending on the firmware version the vulnerabilities may include: - All user passwords are stored in cleartext - The web interface does not use CSRF protections - An attacker is able to perform arbitrary HTTP requests through the...
‘IOTroop’ Botnet Could Dwarf Mirai in Size and Devastation, Says Researcher
A botnet, which is adding new bots every day, has already infected one million businesses during the past month and could easily eclipse the size and devastation caused by Mirai. The malware and botnet, dubbed IOTroop, was spotted in September by researchers at Check Point who warn that 60 percen...
AVTECH Devices Multiple Vulnerabilities (CVE-2013-4980; CVE-2013-4981; CVE-2013-4982)
Multiple vulnerabilities exist in AVTECH devices. An attacker could exploit this vulnerability via direct requests. Successful exploitation of this vulnerability could allow a remote attacker to gain access to the devices...
VulnCheck KEV: CVE-2016-15047
AVTECH devices that include the CloudSetup.cgi management endpoint are vulnerable to authenticated OS command injection. The exefile parameter in CloudSetup.cgi is passed to the underlying system command execution without proper validation or whitelisting. An authenticated attacker who can...
AVTECH monitoring products information disclosure vulnerability
Because execute permissions on the CGI script files in the /cgi-bin/nobody directory are set improperly, the scripts can be run directly without authentication. This type of vulnerability has appeared in multiple devices; FEI news K1 is because the cgi file to perform the access restrictions unreasonable...
AVTECH monitoring product SSRF vulnerability exploitable without login
On the DVR device, Search.cgi can be accessed directly. Search.cgi is responsible for searching for and accessing cameras on the local network. Search.cgi provides a cgiquery function; by setting the three parameters ip, port and queryb64str, it is possible to achieve direct access to the local network of the...
AVTECH Device Detection (HTTP)
HTTP based detection of AVTECH devices. SPDX-FileCopyrightText: 2016 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only. if(description) { script_oid("1.3.6.1.4.1.25623.1.0.809066");...
AVTECH Devices Multiple Vulnerabilities
AVTECH devices (IP camera/NVR/DVR) are prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2016 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only. CPE =...
HTTPS Protocol Certificate Validation Vulnerability in AVTECH Devices
AVTECH, founded in 1996, is one of the world's leading CCTV manufacturers. The main products are surveillance equipment, network cameras, network video recorders and so on. AVTECH devices are affected by an HTTPS protocol certificate validation vulnerability. SyncCloudAccount.sh, QueryFromClient.s...
Unauthorized Information Disclosure Vulnerability in AVTECH Devices
AVTECH, founded in 1996, is one of the world's leading CCTV manufacturers. The main products are surveillance equipment, network cameras, network video recorders and so on. An unauthorized information disclosure vulnerability exists in AVTECH devices. Because the cgi-bin/ directory is not set with...
Command Injection Vulnerability in AVTECH DVRs
AVTECH, founded in 1996, is one of the world's leading CCTV manufacturers. The main products are surveillance equipment, network cameras, network video recorders and so on. A command injection vulnerability exists in AVTECH DVR. Because the interface query function does not filter and validate th...
Login CAPTCHA Bypass Vulnerability in AVTECH Device Login Parameter
AVTECH, founded in 1996, is one of the world's leading CCTV manufacturers. The main products are surveillance equipment, network cameras, network video recorders and so on. There is a login authentication code bypass vulnerability in the login parameter of AVTECH devices. When the login request...
File Download Vulnerability in AVTECH Devices
AVTECH, founded in 1996, is one of the world's leading CCTV manufacturers. The main products are surveillance equipment, network cameras, network video recorders and so on. A file download vulnerability exists in AVTECH devices. As the cab file request authenticated by the streamd web server is t...
Authentication Command Injection Vulnerability in CloudSetup.cgi for AVTECH Devices
AVTECH, founded in 1996, is one of the world's leading CCTV manufacturers. The main products are surveillance equipment, network cameras, network video recorders and so on. An authenticated command injection vulnerability exists in the AVTECH device CloudSetup.cgi. The exefile parameter requested...
Login CAPTCHA Bypass Vulnerability in AVTECH Device Cookies
AVTECH, founded in 1996, is one of the world's leading CCTV manufacturers. The main products are surveillance equipment, network cameras, network video recorders and so on. The AVTECH device cookie has a login authentication code bypass vulnerability. AVTECH devices use base64 encoded username and passwo...
Authentication Command Injection Vulnerability in adcommand.cgi for AVTECH Devices
AVTECH, founded in 1996, is one of the world's leading CCTV manufacturers. The main products are surveillance equipment, network cameras, network video recorders and so on. An authenticated command injection vulnerability exists in the AVTECH device adcommand.cgi. AVTECH devices contain the...