CVE-2025-34050

MEDIUM

AVTECH - CSRF

Title source: llm

Description

A cross-site request forgery (CSRF) vulnerability exists in the web interface of AVTECH IP camera, DVR, and NVR devices. An attacker can craft malicious requests that, when executed in the context of an authenticated user’s browser session, allow unauthorized changes to the device configuration without user interaction.

Exploits (1)

exploitdb WRITEUP

by Gergely Eberhardt · pythonwebappscgi

https://www.exploit-db.com/exploits/40500

View Code ZIP pw:eip

References (5)

[Various Sources] https://avtech.com/

[Various Sources] https://web.archive.org/web/20240810225729/https://www.search-lab.hu/advisories/126-AVTech-devices-multiple-vulnerabilities

[Various Sources] https://web.archive.org/web/20161029201749/https://github.com/ebux/AVTECH

[Third Party Advisory] https://vulncheck.com/advisories/avtech-ipcamera-nvr-dvr-mulitple-vulns

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/40500

Scores

CVSS v4 5.1

EPSS 0.0022

EPSS Percentile 44.1%

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-352

Status published

Products (3)

AVTECH/DVR devices

AVTECH/IP cameras

AVTECH/NVR devices

Published Jul 01, 2025

Tracked Since Feb 18, 2026