
CVE-2025-34066 – AVTECH IP camera, DVR, and NVR Devices Unauthenticated Information Disclosure
https://notcve.org/view.php?id=CVE-2025-34066
01 Jul 2025 — An improper certificate validation vulnerability exists in AVTECH IP cameras, DVRs, and NVRs due to the use of wget with --no-check-certificate in scripts like SyncCloudAccount.sh and SyncPermit.sh. This exposes HTTPS communications to man-in-the-middle (MITM) attacks. • https://avtech.com • CWE-295: Improper Certificate Validation •

CVE-2025-34056 – AVTECH IP camera, DVR, and NVR Devices Authenticated Root Command Execution
https://notcve.org/view.php?id=CVE-2025-34056
01 Jul 2025 — An OS command injection vulnerability exists in AVTECH IP camera, DVR, and NVR devices via the PwdGrp.cgi endpoint, which handles user and group management operations. Authenticated users can supply input through the pwd or grp parameters, which are directly embedded into system commands without proper sanitization. This allows for the execution of arbitrary shell commands with root privileges. • https://avtech.com • CWE-20: Improper Input Validation • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVE-2025-34052 – AVTECH IP camera, DVR, and NVR Devices Unauthenticated Information Disclosure
https://notcve.org/view.php?id=CVE-2025-34052
01 Jul 2025 — An unauthenticated information disclosure vulnerability exists in AVTECH IP cameras, DVRs, and NVRs via Machine.cgi?action=get_capability. Sensitive internal device information such as firmware version, MAC address, and codec support can be accessed without authentication. • https://avtech.com • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor • CWE-306: Missing Authentication for Critical Function •

CVE-2025-34050 – AVTECH IP Camera, DVR, and NVR Devices Cross-Site Request Forgery
https://notcve.org/view.php?id=CVE-2025-34050
01 Jul 2025 — A cross-site request forgery (CSRF) vulnerability exists in the web interface of AVTECH IP camera, DVR, and NVR devices. An attacker can craft malicious requests that, when executed in the context of an authenticated user’s browser session, allow unauthorized changes to the device configuration without user interaction. • https://avtech.com • CWE-352: Cross-Site Request Forgery (CSRF) •

CVE-2024-7029 – Command Injection in AVTech AVM1203 (IP Camera)
https://notcve.org/view.php?id=CVE-2024-7029
02 Aug 2024 — Commands can be injected over the network and executed without authentication. • https://github.com/ebrasha/CVE-2024-7029 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •

CVE-2019-13379
https://notcve.org/view.php?id=CVE-2019-13379
07 Jul 2019 — On AVTECH Room Alert 3E devices before 2.2.5, an attacker with access to the device's web interface may escalate privileges from an unauthenticated user to administrator by performing a cmd.cgi?action=ResetDefaults&src=RA reset and using the default credentials to get in. • https://jordonlovik.wordpress.com/2019/07/06/roomalert-by-avtech-critical-vulnerability-disclosure • CWE-668: Exposure of Resource to Wrong Sphere •

CVE-2013-4981 – AVTECH DVR Firmware 1017-1003-1009-1003 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2013-4981
28 Aug 2013 — Buffer overflow in cgi-bin/user/Config.cgi in AVTECH AVN801 DVR with firmware 1017-1003-1009-1003 and earlier, and possibly other devices, allows remote attackers to cause a denial of service (device crash) and possibly execute arbitrary code via a long string in the Network.SMTP.Receivers parameter. • https://packetstorm.news/files/id/122998 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVE-2013-4982 – AVTECH DVR Firmware 1017-1003-1009-1003 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2013-4982
28 Aug 2013 — AVTECH AVN801 DVR has a security bypass via the administration login captcha. • https://packetstorm.news/files/id/122998 • CWE-287: Improper Authentication •

CVE-2013-4980 – AVTECH DVR Firmware 1017-1003-1009-1003 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2013-4980
28 Aug 2013 — Buffer overflow in the RTSP Packet Handler in AVTECH AVN801 DVR with firmware 1017-1003-1009-1003 and earlier, and possibly other devices, allows remote attackers to cause a denial of service (device crash) and possibly execute arbitrary code via a long string in the URI in an RTSP SETUP request. • https://packetstorm.news/files/id/122998 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVE-2008-3939
https://notcve.org/view.php?id=CVE-2008-3939
05 Sep 2008 — Directory traversal vulnerability in the web interface in AVTECH PageR Enterprise before 5.0.7 allows remote attackers to read arbitrary files via directory traversal sequences in the URI. • http://lists.grok.org.uk/pipermail/full-disclosure/2008-September/064227.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •