CVE-2025-34056 Information

Jul 02, 2025 cve

Description

An OS command injection vulnerability exists in AVTECH IP camera DVR and NVR devices via the PwdGrp.cgi endpoint which handles user and group management operations. Authenticated users can supply input through the pwd or grp parameters which are directly embedded into system commands without proper sanitation. This allows for the execution of arbitrary shell commands with root privileges.

Reference

https://avtech.com/ https://vulncheck.com/advisories/avtech-ipcamera-nvr-dvr-mulitple-vulns https://web.archive.org/web/20161029201749/https://github.com/ebux/AVTECH https://web.archive.org/web/20240810225729/https://www.search-lab.hu/advisories/126-AVTech-devices-multiple-vulnerabilities https://www.exploit-db.com/exploits/40500

CNNVD-202507-050 (Published: 2025-07-01)

Share on:

CVE-2025-34056 Information

Description

Reference

Related CNNVD