CVE-2025-34066 Information

Jul 02, 2025 cve

Description

An improper certificate validation vulnerability exists in AVTECH IP cameras DVRs and NVRs due to the use of wget with –no-check-certificate in scripts like SyncCloudAccount.sh and SyncPermit.sh. This exposes HTTPS communications to man-in-the-middle (MITM) attacks.

Reference

https://avtech.com/ https://vulncheck.com/advisories/avtech-ipcamera-nvr-dvr-mulitple-vulns https://web.archive.org/web/20161029201749/https://github.com/ebux/AVTECH https://web.archive.org/web/20240810225729/https://www.search-lab.hu/advisories/126-AVTech-devices-multiple-vulnerabilities https://www.exploit-db.com/exploits/40500

CNNVD-202507-059 (Published: 2025-07-01)

Share on:

CVE-2025-34066 Information

Description

Reference

Related CNNVD