CVE-2025-34053 Information

Jul 02, 2025 cve

Description

An authentication bypass vulnerability exists in AVTECH IP camera DVR and NVR devices’ streamd web server. The strstr() function is used to identify .cab\ requests allowing any URL containing .cab\ to bypass authentication and access protected endpoints.

Reference

https://avtech.com/ https://vulncheck.com/advisories/avtech-ipcamera-nvr-dvr-mulitple-vulns https://web.archive.org/web/20161029201749/https://github.com/ebux/AVTECH https://web.archive.org/web/20240810225729/https://www.search-lab.hu/advisories/126-AVTech-devices-multiple-vulnerabilities https://www.exploit-db.com/exploits/40500

CNNVD-202507-048 (Published: 2025-07-01)

Share on:

CVE-2025-34053 Information

Description

Reference

Related CNNVD