CVE-2025-34050

MEDIUM

AVTECH IP cameras, DVR, and NVR devices - Cross-Site Request Forgery

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2025-34050. PoCs published by Gergely Eberhardt.

AI-analyzed exploit summary This is a detailed writeup describing multiple vulnerabilities in Avtech devices, including unauthenticated command injection, authentication bypasses, and information disclosure. It provides proof-of-concept URLs and explanations for each vulnerability but does not contain executable exploit code.

Description

A cross-site request forgery (CSRF) vulnerability exists in the web interface of AVTECH IP camera, DVR, and NVR devices. An attacker can craft malicious requests that, when executed in the context of an authenticated user’s browser session, allow unauthorized changes to the device configuration without user interaction.

Exploits (1)

exploitdb WRITEUP

by Gergely Eberhardt · pythonwebappscgi

https://www.exploit-db.com/exploits/40500

View Code ZIP pw:eip

This is a detailed writeup describing multiple vulnerabilities in Avtech devices, including unauthenticated command injection, authentication bypasses, and information disclosure. It provides proof-of-concept URLs and explanations for each vulnerability but does not contain executable exploit code.

Classification

Writeup 100%

Attack Type

Other

Complexity

Trivial

Reliability

Reliable

Target: Avtech IP cameras, NVRs, DVRs (all firmware versions)

No auth needed

Prerequisites: Network access to the target device

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1068 - Exploitation for Privilege Escalation T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5

Core References

Various Sources product

https://avtech.com/

Various Sources third-party-advisory technical-description

https://web.archive.org/web/20240810225729/https://www.search-lab.hu/advisories/126-AVTech-devices-multiple-vulnerabilities

Various Sources exploit

https://web.archive.org/web/20161029201749/https://github.com/ebux/AVTECH

Third Party Advisory third-party-advisory

https://vulncheck.com/advisories/avtech-ipcamera-nvr-dvr-mulitple-vulns

Exploit, Third Party Advisory exploit

https://www.exploit-db.com/exploits/40500

Scores

CVSS v4 5.1

EPSS 0.0025

EPSS Percentile 15.5%

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-352

Status published

Products (3)

AVTECH/DVR devices

AVTECH/IP cameras

AVTECH/NVR devices

Published Jul 01, 2025

Tracked Since Feb 18, 2026