CVE-2025-34054

CRITICAL EXPLOITED

AVTECH IP camera, DVR, and NVR Devices - Unauthenticated OS Command Injection via Search.cgi Parameters

Title source: llm

Exploitation Summary

CVE-2025-34054 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 1 public exploit from researchers including Gergely Eberhardt.

AI-analyzed exploit summary This is a detailed writeup describing multiple vulnerabilities in Avtech devices, including unauthenticated command injection, authentication bypasses, and information disclosure. It provides proof-of-concept URLs and explanations for each vulnerability but does not contain executable exploit code.

Description

An unauthenticated command injection vulnerability exists in AVTECH DVR devices via Search.cgi?action=cgi_query. The use of wget without input sanitization allows attackers to inject shell commands through the username or queryb64str parameters, executing commands as root. Exploitation evidence was observed by the Shadowserver Foundation on 2025-01-04 UTC.

Exploits (1)

exploitdb WRITEUP

by Gergely Eberhardt · pythonwebappscgi

https://www.exploit-db.com/exploits/40500

View Code ZIP pw:eip

This is a detailed writeup describing multiple vulnerabilities in Avtech devices, including unauthenticated command injection, authentication bypasses, and information disclosure. It provides proof-of-concept URLs and explanations for each vulnerability but does not contain executable exploit code.

Classification

Writeup 100%

Attack Type

Other

Complexity

Trivial

Reliability

Reliable

Target: Avtech IP cameras, NVRs, DVRs (all firmware versions)

No auth needed

Prerequisites: Network access to the target device

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1068 - Exploitation for Privilege Escalation T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5

Core References

Exploit, Third Party Advisory exploit

https://www.exploit-db.com/exploits/40500

Various Sources product

https://avtech.com/

Various Sources third-party-advisory technical-description

https://web.archive.org/web/20240810225729/https://www.search-lab.hu/advisories/126-AVTech-devices-multiple-vulnerabilities

Various Sources exploit

https://web.archive.org/web/20161029201749/https://github.com/ebux/AVTECH

Third Party Advisory third-party-advisory

https://vulncheck.com/advisories/avtech-ipcamera-nvr-dvr-mulitple-vulns

Scores

CVSS v4 10.0

EPSS 0.0230

EPSS Percentile 85.1%

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact total

Details

VulnCheck KEV 2020-10-22

CWE

CWE-78

Status published

Products (16)

AVTECH/IP camera, DVR, and NVR Devices 1008-1002-1005-1000

AVTECH/IP camera, DVR, and NVR Devices 1009-1003-1006-1001

AVTECH/IP camera, DVR, and NVR Devices 1009Y-1003Y-1006Y-1001Y

AVTECH/IP camera, DVR, and NVR Devices 1010-1004-1007-1001

AVTECH/IP camera, DVR, and NVR Devices 1011-1005-1008-1002

AVTECH/IP camera, DVR, and NVR Devices 1014-1005-1009-1002

AVTECH/IP camera, DVR, and NVR Devices 1015-1006-1010-1003

AVTECH/IP camera, DVR, and NVR Devices 1016-1007-1011-1003

AVTECH/IP camera, DVR, and NVR Devices 1017-1008-1012-1002

AVTECH/IP camera, DVR, and NVR Devices 1017Y-1008Y-1012Y-1002Y

... and 6 more

Published Jul 01, 2025

Tracked Since Feb 18, 2026