CVE-2025-34050

AVTECH - CSRF

Title source: llm

Description

A cross-site request forgery (CSRF) vulnerability exists in the web interface of AVTECH IP camera, DVR, and NVR devices. An attacker can craft malicious requests that, when executed in the context of an authenticated user’s browser session, allow unauthorized changes to the device configuration without user interaction.

Exploits (1)

exploitdb WRITEUP

by Gergely Eberhardt · pythonwebappscgi

https://www.exploit-db.com/exploits/40500

View Code ZIP pw:eip

References (5)

[Various Sources] https://avtech.com/

[Third Party Advisory] https://vulncheck.com/advisories/avtech-ipcamera-nvr-dvr-mulitple-vulns

[Various Sources] https://web.archive.org/web/20161029201749/https://github.com/ebux/AVTECH

[Various Sources] https://web.archive.org/web/20240810225729/https://www.search-lab.hu/advisories/126-AVTech-devices-multiple-vulnerabilities

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/40500

Scores

EPSS 0.0004

EPSS Percentile 11.8%

Classification

CWE

CWE-352

Status draft

Timeline

Published Jul 01, 2025

Tracked Since Feb 18, 2026