CVE-2025-34065 Information
Jul 02, 2025
cve
Description
An authentication bypass vulnerability exists in AVTECH IP camera DVR and NVR devices’ streamd web server. The strstr() function allows unauthenticated access to any request containing /nobody\ in the URL bypassing login controls.
Reference
https://avtech.com/ https://vulncheck.com/advisories/avtech-ipcamera-nvr-dvr-mulitple-vulns https://web.archive.org/web/20161029201749/https://github.com/ebux/AVTECH https://web.archive.org/web/20240810225729/https://www.search-lab.hu/advisories/126-AVTech-devices-multiple-vulnerabilities https://www.exploit-db.com/exploits/40500
Related CNNVD
CNNVD-202507-057 (Published: 2025-07-01)
Share on: