Lewis Patten - Security Researcher - Exploit Intelligence Platform

CVE-2025-57198 WRITEUP HIGH WRITEUP

Avtech Dgm1104 Firmware - Command Injection

AVTECH SECURITY Corporation DGM1104 FullImg-1015-1004-1006-1003 was discovered to contain an authenticated command injection vulnerability in the Machine.cgi endpoint. This vulnerability allows attackers to execute arbitrary commands via a crafted input.

CVSS 8.8

View Code

CVE-2025-57200 WRITEUP MEDIUM WRITEUP

Avtech Dgm1104 Firmware - Command Injection

AVTECH SECURITY Corporation DGM1104 FullImg-1015-1004-1006-1003 was discovered to contain an authenticated command injection vulnerability in the test_mail function. This vulnerability allows attackers to execute arbitrary commands via a crafted input.

CVSS 6.5

View Code

CVE-2025-57201 WRITEUP HIGH WRITEUP

Avtech Dgm1104 Firmware - Command Injection

AVTECH SECURITY Corporation DGM1104 FullImg-1015-1004-1006-1003 was discovered to contain an authenticated command injection vulnerability in the SMB server function. This vulnerability allows attackers to execute arbitrary commands via a crafted input.

CVSS 8.8

View Code

CVE-2025-57202 WRITEUP MEDIUM WRITEUP

Avtech Dgm1104 Firmware - XSS

A stored cross-site scripting (XSS) vulnerability in the PwdGrp.cgi endpoint of AVTECH SECURITY Corporation DGM1104 FullImg-1015-1004-1006-1003 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the username field.

CVSS 6.1

View Code