cbcvebase.
CVE-2025-34051
published 2025-07-01

CVE-2025-34051: A server-side request forgery vulnerability exists in multiple firmware versions of AVTECH DVR devices that exposes the…

Priority P181 · medium 6.9 · CVSS 4.0
ITW · VulnCheck KEV · Exploited in the wild
EPSS: 0.51% (39.6th percentile)
A server-side request forgery vulnerability exists in multiple firmware versions of AVTECH DVR devices that exposes the /cgi-bin/nobody/Search.cgi?action=cgi_query endpoint without authentication. An attacker can manipulate the ip, port, and queryb64str parameters to make arbitrary HTTP requests from the DVR to internal or external systems, potentially exposing sensitive data or interacting with internal services.

Affected

71 ranges · showing 25
Vendor | Product | Version range | Fixed in
avtech | dvr_devices

CVSS provenance

nvd | v4.0 | 6.9 MEDIUM | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vulncheck | 6.9 MEDIUM