CVE-2025-34065
MEDIUMAVTECH - Auth Bypass
Title source: llmDescription
An authentication bypass vulnerability exists in AVTECH IP camera, DVR, and NVR devices’ streamd web server. The strstr() function allows unauthenticated access to any request containing "/nobody" in the URL, bypassing login controls.
Exploits (2)
References (5)
Scores
CVSS v4
6.9
EPSS
0.0013
EPSS Percentile
32.5%
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
Details
CWE
CWE-290
Status
published
Products (50)
AVTECH/IP camera, DVR, and NVR Devices
1000-1000-1000-1000
AVTECH/IP camera, DVR, and NVR Devices
1000C-1000C-1000C-1000C
AVTECH/IP camera, DVR, and NVR Devices
1001-1000-1000-1000
AVTECH/IP camera, DVR, and NVR Devices
1001-1001-1000-1000
AVTECH/IP camera, DVR, and NVR Devices
1002-1000-1000-1000
AVTECH/IP camera, DVR, and NVR Devices
1002-1002-1000-1002
AVTECH/IP camera, DVR, and NVR Devices
1002D-1000D-1000D-1000D
AVTECH/IP camera, DVR, and NVR Devices
1003-1000-1000-1001
AVTECH/IP camera, DVR, and NVR Devices
1003-1001-1001-1000
AVTECH/IP camera, DVR, and NVR Devices
1003-1002-1001-1000
... and 40 more
Published
Jul 01, 2025
Tracked Since
Feb 18, 2026