CVE-2013-4982

CRITICAL NUCLEI

AVTECH AVN801 DVR Firmware - Authentication Bypass via Captcha

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2013-4982. PoCs published by Core Security. A Nuclei detection template is also available.

AI-analyzed exploit summary The exploit demonstrates three vulnerabilities in AVTECH DVR devices: a buffer overflow in the RTSP packet handler (CVE-2013-4980), a buffer overflow in '/cgi-bin/user/Config.cgi' (CVE-2013-4981), and a CAPTCHA bypass (CVE-2013-4982). Each vulnerability is exploited via crafted network requests, leading to potential remote code execution or security bypass.

Description

AVTECH AVN801 DVR has a security bypass via the administration login captcha

Exploits (1)

exploitdb WORKING POC VERIFIED

by Core Security · textdoshardware

https://www.exploit-db.com/exploits/27942

View Code ZIP pw:eip

The exploit demonstrates three vulnerabilities in AVTECH DVR devices: a buffer overflow in the RTSP packet handler (CVE-2013-4980), a buffer overflow in '/cgi-bin/user/Config.cgi' (CVE-2013-4981), and a CAPTCHA bypass (CVE-2013-4982). Each vulnerability is exploited via crafted network requests, leading to potential remote code execution or security bypass.

Classification

Working Poc 100%

Attack Type

Rce | Auth Bypass

Complexity

Trivial

Reliability

Reliable

Target: AVTECH DVR 4CH H.264 (AVN801) firmware 1017-1003-1009-1003

No auth needed

Prerequisites: Network access to the target device

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1210 - Exploitation of Remote Services

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Nuclei Templates (1)

AVTECH DVR - Login Verification Code Bypass

LOWVERIFIEDby ritikchaddha

Shodan: title:"login" product:"Avtech"

FOFA: app="AVTECH-视频监控"

References (3)

Core 3

Core References

Third Party Advisory, VDB Entry x_refsource_misc

http://www.securityfocus.com/bid/62035

Exploit, Mailing List, Third Party Advisory x_refsource_misc

http://seclists.org/fulldisclosure/2013/Aug/284

Exploit x_refsource_misc

https://www.coresecurity.com/advisories/avtech-dvr-multiple-vulnerabilities

Scores

CVSS v3 9.8

EPSS 0.3962

EPSS Percentile 97.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-287

Status published

Products (1)

avtech/avn801_dvr_firmware 1017-1003-1009-1003

Published Dec 27, 2019

Tracked Since Feb 18, 2026