CVE-2013-4981

AVTECH AVN801 DVR <1017-1003-1009-1003 - Buffer Overflow

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2013-4981.

AI-analyzed exploit summary The provided code includes functional Python scripts demonstrating buffer overflow vulnerabilities in AVTECH DVR devices via RTSP and HTTP POST requests, as well as a CAPTCHA bypass. These exploits can lead to remote code execution without authentication.

Description

Buffer overflow in cgi-bin/user/Config.cgi in AVTECH AVN801 DVR with firmware 1017-1003-1009-1003 and earlier, and possibly other devices, allows remote attackers to cause a denial of service (device crash) and possibly execute arbitrary code via a long string in the Network.SMTP.Receivers parameter.

Exploits (1)

exploitdb WORKING POC

doshardware

https://www.exploit-db.com/exploits/27942

View Code ZIP pw:eip

The provided code includes functional Python scripts demonstrating buffer overflow vulnerabilities in AVTECH DVR devices via RTSP and HTTP POST requests, as well as a CAPTCHA bypass. These exploits can lead to remote code execution without authentication.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: AVTECH AVN801 DVR firmware 1017-1003-1009-1003

No auth needed

Prerequisites: Network access to the target device

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1210 - Exploitation of Remote Services

devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (3)

Core 3

Core References

Exploit mailing-list x_refsource_fulldisc

http://seclists.org/fulldisclosure/2013/Aug/284

Exploit x_refsource_misc

http://www.coresecurity.com/advisories/avtech-dvr-multiple-vulnerabilities

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://osvdb.org/96693

Scores

EPSS 0.0686

EPSS Percentile 93.2%

Details

CWE

CWE-119

Status published

Products (2)

avtech/avn801_dvr

avtech/avn801_dvr_firmware < 1017-1003-1009-1003

Published Mar 03, 2014

Tracked Since Feb 18, 2026