CVE-2025-34065

MEDIUM

AVTECH IP camera, DVR, and NVR Devices - Unauthenticated Authentication Bypass via /nobody URL Path

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2025-34065. PoCs published by Gergely Eberhardt, Savanooo.

AI-analyzed exploit summary This is a detailed writeup describing multiple vulnerabilities in Avtech devices, including unauthenticated command injection, authentication bypasses, and information disclosure. It provides proof-of-concept URLs and explanations for each vulnerability but does not contain executable exploit code.

Description

An authentication bypass vulnerability exists in AVTECH IP camera, DVR, and NVR devices’ streamd web server. The strstr() function allows unauthenticated access to any request containing "/nobody" in the URL, bypassing login controls.

Exploits (2)

exploitdb WRITEUP

by Gergely Eberhardt · pythonwebappscgi

https://www.exploit-db.com/exploits/40500

View Code ZIP pw:eip

This is a detailed writeup describing multiple vulnerabilities in Avtech devices, including unauthenticated command injection, authentication bypasses, and information disclosure. It provides proof-of-concept URLs and explanations for each vulnerability but does not contain executable exploit code.

Classification

Writeup 100%

Attack Type

Other

Complexity

Trivial

Reliability

Reliable

Target: Avtech IP cameras, NVRs, DVRs (all firmware versions)

No auth needed

Prerequisites: Network access to the target device

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1068 - Exploitation for Privilege Escalation T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

nomisec WORKING POC

by Savanooo · poc

https://github.com/Savanooo/avtech-cve-2025-34065-analysis

View Code ZIP pw:eip

The repository contains functional exploit code for CVE-2025-34065, targeting AVTECH devices. It includes authentication bypass, command injection, and credential extraction capabilities via multiple CGI endpoints.

Classification

Working Poc 95%

Attack Type

Rce | Auth Bypass | Info Leak

Complexity

Moderate

Reliability

Reliable

Target: AVTECH devices (specific firmware versions not specified)

No auth needed

Prerequisites: Network access to target device · CGI endpoints exposed

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter T1203 - Exploitation for Client Execution T1078 - Valid Accounts T1005 - Data from Local System T1552 - Unsecured Credentials

devstral-2 · analyzed Apr 13, 2026 Full analysis →

References (5)

Core 5

Core References

Various Sources product

https://avtech.com/

Exploit, Third Party Advisory exploit

https://www.exploit-db.com/exploits/40500

Various Sources third-party-advisory technical-description

https://web.archive.org/web/20240810225729/https://www.search-lab.hu/advisories/126-AVTech-devices-multiple-vulnerabilities

Various Sources exploit

https://web.archive.org/web/20161029201749/https://github.com/ebux/AVTECH

Third Party Advisory third-party-advisory

https://vulncheck.com/advisories/avtech-ipcamera-nvr-dvr-mulitple-vulns

Scores

CVSS v4 6.9

EPSS 0.0054

EPSS Percentile 40.8%

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-290

Status published

Products (50)

AVTECH/IP camera, DVR, and NVR Devices 1000-1000-1000-1000

AVTECH/IP camera, DVR, and NVR Devices 1000C-1000C-1000C-1000C

AVTECH/IP camera, DVR, and NVR Devices 1001-1000-1000-1000

AVTECH/IP camera, DVR, and NVR Devices 1001-1001-1000-1000

AVTECH/IP camera, DVR, and NVR Devices 1002-1000-1000-1000

AVTECH/IP camera, DVR, and NVR Devices 1002-1002-1000-1002

AVTECH/IP camera, DVR, and NVR Devices 1002D-1000D-1000D-1000D

AVTECH/IP camera, DVR, and NVR Devices 1003-1000-1000-1001

AVTECH/IP camera, DVR, and NVR Devices 1003-1001-1001-1000

AVTECH/IP camera, DVR, and NVR Devices 1003-1002-1001-1000

... and 40 more

Published Jul 01, 2025

Tracked Since Feb 18, 2026