CVE-2025-34066
published 2025-07-01CVE-2025-34066: An improper certificate validation vulnerability exists in AVTECH IP cameras, DVRs, and NVRs due to the use of wget with --no-check-certificate in scripts like…
PriorityP341high8.3CVSS 4.0
AVNACLATPPRNUINVCHVILVALSCNSINSANEXCRXIRXARXMAVXMACXMATXMPRXMUIXMVCXMVIXMVAXMSCXMSIXMSAXSXAUXRXVXREXUX
EPSS
0.27%
18.4th percentile
An improper certificate validation vulnerability exists in AVTECH IP cameras, DVRs, and NVRs due to the use of wget with --no-check-certificate in scripts like SyncCloudAccount.sh and SyncPermit.sh. This exposes HTTPS communications to man-in-the-middle (MITM) attacks.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| avtech | dvr_devices | — | — |
| avtech | ip_cameras | — | — |
| avtech | nvr_devices | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://avtech.com/https://vulncheck.com/advisories/avtech-ipcamera-nvr-dvr-mulitple-vulnshttps://web.archive.org/web/20161029201749/https://github.com/ebux/AVTECHhttps://web.archive.org/web/20240810225729/https://www.search-lab.hu/advisories/126-AVTech-devices-multiple-vulnerabilitieshttps://www.exploit-db.com/exploits/40500
2025-07-01
Published