
CVE-2025-34066 – AVTECH IP camera, DVR, and NVR Devices Unauthenticated Information Disclosure
https://notcve.org/view.php?id=CVE-2025-34066
01 Jul 2025 — An improper certificate validation vulnerability exists in AVTECH IP cameras, DVRs, and NVRs due to the use of wget with --no-check-certificate in scripts like SyncCloudAccount.sh and SyncPermit.sh. This exposes HTTPS communications to man-in-the-middle (MITM) attacks. • https://avtech.com • CWE-295: Improper Certificate Validation

CVE-2025-34056 – AVTECH IP camera, DVR, and NVR Devices Authenticated Root Command Execution
https://notcve.org/view.php?id=CVE-2025-34056
01 Jul 2025 — An OS command injection vulnerability exists in AVTECH IP camera, DVR, and NVR devices via the PwdGrp.cgi endpoint, which handles user and group management operations. Authenticated users can supply input through the pwd or grp parameters, which are directly embedded into system commands without proper sanitization. This allows for the execution of arbitrary shell commands with root privileges. • https://avtech.com • CWE-20: Improper Input Validation • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2025-34052 – AVTECH IP camera, DVR, and NVR Devices Unauthenticated Information Disclosure
https://notcve.org/view.php?id=CVE-2025-34052
01 Jul 2025 — An unauthenticated information disclosure vulnerability exists in AVTECH IP cameras, DVRs, and NVRs via Machine.cgi?action=get_capability. Sensitive internal device information such as firmware version, MAC address, and codec support can be accessed without authentication. • https://avtech.com • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor • CWE-306: Missing Authentication for Critical Function

CVE-2025-34050 – AVTECH IP Camera, DVR, and NVR Devices Cross-Site Request Forgery
https://notcve.org/view.php?id=CVE-2025-34050
01 Jul 2025 — A cross-site request forgery (CSRF) vulnerability exists in the web interface of AVTECH IP camera, DVR, and NVR devices. An attacker can craft malicious requests that, when executed in the context of an authenticated user’s browser session, allow unauthorized changes to the device configuration without user interaction. • https://avtech.com • CWE-352: Cross-Site Request Forgery (CSRF)