Avtech Dvr Devices vulnerabilities
3 known vulnerabilities affecting avtech/dvr_devices.
Total CVEs
3
CISA KEV
0
Public exploits
0
Exploited in wild
1
Severity breakdown
HIGH1MEDIUM2
Vulnerabilities
Page 1 of 1
CVE-2025-34051P1MEDIUMCVSS 6.9Exploitedv1001-1000-1000-1000v1001-1000-1001-1001+69 more2025-07-01
CVE-2025-34051 [MEDIUM] CWE-200 CVE-2025-34051: A server-side request forgery vulnerability exists in multiple firmware versions of AVTECH DVR devic
A server-side request forgery vulnerability exists in multiple firmware versions of AVTECH DVR devices that exposes the /cgi-bin/nobody/Search.cgi?action=cgi_query endpoint without authentication. An attacker can manipulate the ip, port, and queryb64str parameters to make arbitrary HTTP requests from the DVR to internal or external systems, potentia
nvd
CVE-2025-34066P3HIGHCVSS 8.3v02025-07-01
CVE-2025-34066 [HIGH] CWE-295 CVE-2025-34066: An improper certificate validation vulnerability exists in AVTECH IP cameras, DVRs, and NVRs due to
An improper certificate validation vulnerability exists in AVTECH IP cameras, DVRs, and NVRs due to the use of wget with --no-check-certificate in scripts like SyncCloudAccount.sh and SyncPermit.sh. This exposes HTTPS communications to man-in-the-middle (MITM) attacks.
nvd
CVE-2025-34050P4MEDIUMCVSS 5.1v02025-07-01
CVE-2025-34050 [MEDIUM] CWE-352 CVE-2025-34050: A cross-site request forgery (CSRF) vulnerability exists in the web interface of AVTECH IP camera, D
A cross-site request forgery (CSRF) vulnerability exists in the web interface of AVTECH IP camera, DVR, and NVR devices. An attacker can craft malicious requests that, when executed in the context of an authenticated user’s browser session, allow unauthorized changes to the device configuration without user interaction.
nvd