CVE-2025-34051

MEDIUM EXPLOITED

AVTECH DVR - Server-Side Request Forgery

Title source: llm

Exploitation Summary

CVE-2025-34051 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 1 public exploit from researchers including Gergely Eberhardt.

AI-analyzed exploit summary This is a detailed writeup describing multiple vulnerabilities in Avtech devices, including unauthenticated command injection, authentication bypasses, and information disclosure. It provides proof-of-concept URLs and explanations for each vulnerability but does not contain executable exploit code.

Description

A server-side request forgery vulnerability exists in multiple firmware versions of AVTECH DVR devices that exposes the /cgi-bin/nobody/Search.cgi?action=cgi_query endpoint without authentication. An attacker can manipulate the ip, port, and queryb64str parameters to make arbitrary HTTP requests from the DVR to internal or external systems, potentially exposing sensitive data or interacting with internal services.

Exploits (1)

exploitdb WRITEUP

by Gergely Eberhardt · pythonwebappscgi

https://www.exploit-db.com/exploits/40500

View Code ZIP pw:eip

This is a detailed writeup describing multiple vulnerabilities in Avtech devices, including unauthenticated command injection, authentication bypasses, and information disclosure. It provides proof-of-concept URLs and explanations for each vulnerability but does not contain executable exploit code.

Classification

Writeup 100%

Attack Type

Other

Complexity

Trivial

Reliability

Reliable

Target: Avtech IP cameras, NVRs, DVRs (all firmware versions)

No auth needed

Prerequisites: Network access to the target device

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1068 - Exploitation for Privilege Escalation T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5

Core References

Exploit, Third Party Advisory exploit

https://www.exploit-db.com/exploits/40500

Various Sources product

https://avtech.com/

Various Sources third-party-advisory technical-description

https://web.archive.org/web/20240810225729/https://www.search-lab.hu/advisories/126-AVTech-devices-multiple-vulnerabilities

Various Sources exploit

https://web.archive.org/web/20161029201749/https://github.com/ebux/AVTECH

Third Party Advisory third-party-advisory

https://vulncheck.com/advisories/avtech-ipcamera-nvr-dvr-mulitple-vulns

Scores

CVSS v4 6.9

EPSS 0.0040

EPSS Percentile 61.1%

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:L

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact partial

Details

VulnCheck KEV 2018-07-24

CWE

CWE-200 CWE-918

Status published

Products (50)

AVTECH/DVR devices 1001-1000-1000-1000

AVTECH/DVR devices 1001-1000-1001-1001

AVTECH/DVR devices 1002-1000-1002-1001

AVTECH/DVR devices 1002-1001-1000-1000

AVTECH/DVR devices 1002-1001-1001-1001

AVTECH/DVR devices 1004-1002-1001-1000

AVTECH/DVR devices 1004-1002-1003-1000-FFFF

AVTECH/DVR devices 1004V-1002V-1003V-1001V

AVTECH/DVR devices 1004Y-1002Y-1001EJ-1000Y

AVTECH/DVR devices 1004Y-1002Y-1001Y-1000Y

... and 40 more

Published Jul 01, 2025

Tracked Since Feb 18, 2026