CVE-2025-34051

MEDIUM EXPLOITED

AVTECH DVR - SSRF

Description

A server-side request forgery vulnerability exists in multiple firmware versions of AVTECH DVR devices that exposes the /cgi-bin/nobody/Search.cgi?action=cgi_query endpoint without authentication. An attacker can manipulate the ip, port, and queryb64str parameters to make arbitrary HTTP requests from the DVR to internal or external systems, potentially exposing sensitive data or interacting with internal services.

Exploits (1)

exploitdb WRITEUP
by Gergely Eberhardt · python webapps cgi
https://www.exploit-db.com/exploits/40500

Scores

CVSS v4 6.9
EPSS 0.0013
EPSS Percentile 32.5%
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:L

Details

VulnCheck KEV 2018-07-24
CWE CWE-200, CWE-918
Status published
Products (50)
AVTECH/DVR devices 1001-1000-1000-1000
AVTECH/DVR devices 1001-1000-1001-1001
AVTECH/DVR devices 1002-1000-1002-1001
AVTECH/DVR devices 1002-1001-1000-1000
AVTECH/DVR devices 1002-1001-1001-1001
AVTECH/DVR devices 1004-1002-1001-1000
AVTECH/DVR devices 1004-1002-1003-1000-FFFF
AVTECH/DVR devices 1004V-1002V-1003V-1001V
AVTECH/DVR devices 1004Y-1002Y-1001EJ-1000Y
AVTECH/DVR devices 1004Y-1002Y-1001Y-1000Y
... and 40 more
Published Jul 01, 2025
Tracked Since Feb 18, 2026