CVE-2025-34051 Information

Jul 02, 2025 cve

Description

A server-side request forgery vulnerability exists in multiple firmware versions of AVTECH DVR devices that exposes the /cgi-bin/nobody/Search.cgi?action=cgi_query endpoint without authentication. An attacker can manipulate the ip port and queryb64str parameters to make arbitrary HTTP requests from the DVR to internal or external systems potentially exposing sensitive data or interacting with internal services.

Reference

https://avtech.com/ https://vulncheck.com/advisories/avtech-ipcamera-nvr-dvr-mulitple-vulns https://web.archive.org/web/20161029201749/https://github.com/ebux/AVTECH https://web.archive.org/web/20240810225729/https://www.search-lab.hu/advisories/126-AVTech-devices-multiple-vulnerabilities https://www.exploit-db.com/exploits/40500

CNNVD-202507-046 (Published: 2025-07-01)

Share on:

CVE-2025-34051 Information

Description

Reference

Related CNNVD