CVE-2025-34055
CRITICAL
AVTECH DVR-NVR-IP Camera - Command Injection
Title source: llm
Description
An OS command injection vulnerability exists in AVTECH DVR, NVR, and IP camera devices within the adcommand.cgi endpoint, which interfaces with the ActionD daemon. Authenticated users can invoke the DoShellCmd operation, passing arbitrary input via the strCmd parameter. This input is executed directly by the system shell without sanitization, allowing attackers to execute commands as the root user.
Exploits (1)
References (5)
Scores
CVSS v4
9.4
EPSS
0.0179
EPSS Percentile
82.8%
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
yes
Technical Impact
total
Details
CWE
CWE-20
CWE-78
Status
published
Products (50)
AVTECH/IP camera, DVR, and NVR Devices
1001-1000-1000-1000
AVTECH/IP camera, DVR, and NVR Devices
1002-1000-1000-1000
AVTECH/IP camera, DVR, and NVR Devices
1002-1001-1001-1001
AVTECH/IP camera, DVR, and NVR Devices
1003-1000-1001-1000
AVTECH/IP camera, DVR, and NVR Devices
1003-1001-1001-1000
AVTECH/IP camera, DVR, and NVR Devices
1003-1001-1001-1001
AVTECH/IP camera, DVR, and NVR Devices
1004-1000-1000-1000
AVTECH/IP camera, DVR, and NVR Devices
1004-1001-1001-1001
AVTECH/IP camera, DVR, and NVR Devices
1004-1001-1002-1000
AVTECH/IP camera, DVR, and NVR Devices
1004-1002-1001-1000
... and 40 more
Published
Jul 01, 2025
Tracked Since
Feb 18, 2026