Refine your search

1 vulnerability found for by AVTECH

CVE-2025-34054 (GCVE-0-2025-34054)
Vulnerability from cvelistv5
Published
2025-07-01 14:46
Modified
2025-11-20 20:51
Severity ?
10.0 (Critical) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
CWE
  • CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Summary
An unauthenticated command injection vulnerability exists in AVTECH DVR devices via Search.cgi?action=cgi_query. The use of wget without input sanitization allows attackers to inject shell commands through the username or queryb64str parameters, executing commands as root. Exploitation evidence was observed by the Shadowserver Foundation on 2025-01-04 UTC.
References
Impacted products
Vendor Product Version
AVTECH IP camera, DVR, and NVR Devices Version: 1008-1002-1005-1000
Version: 1009-1003-1006-1001
Version: 1009Y-1003Y-1006Y-1001Y
Version: 1010-1004-1007-1001
Version: 1011-1005-1008-1002
Version: 1014-1005-1009-1002
Version: 1015-1006-1010-1003
Version: 1016-1007-1011-1003
Version: 1017-1008-1012-1002
Version: 1017Y-1008Y-1012Y-1002Y
Version: 1018-1008-1012-1004
Version: 1019-1009-1013-1003
Version: 1019c-1012c-1014c-1001c-FFFF
Version: 1022-1014-1016-1002-FFFF
Version: 1022Y-1014Y-1016Y-1002Y-FFFF
Version: 1023-1014-1017-1002-FFFF
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-34054",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-07-01T18:46:33.820743Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-07-01T18:46:40.272Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "modules": [
            "Search.cgi",
            "username parameter",
            "queryb64str"
          ],
          "product": "IP camera, DVR, and NVR Devices",
          "vendor": "AVTECH",
          "versions": [
            {
              "status": "affected",
              "version": "1008-1002-1005-1000"
            },
            {
              "status": "affected",
              "version": "1009-1003-1006-1001"
            },
            {
              "status": "affected",
              "version": "1009Y-1003Y-1006Y-1001Y"
            },
            {
              "status": "affected",
              "version": "1010-1004-1007-1001"
            },
            {
              "status": "affected",
              "version": "1011-1005-1008-1002"
            },
            {
              "status": "affected",
              "version": "1014-1005-1009-1002"
            },
            {
              "status": "affected",
              "version": "1015-1006-1010-1003"
            },
            {
              "status": "affected",
              "version": "1016-1007-1011-1003"
            },
            {
              "status": "affected",
              "version": "1017-1008-1012-1002"
            },
            {
              "status": "affected",
              "version": "1017Y-1008Y-1012Y-1002Y"
            },
            {
              "status": "affected",
              "version": "1018-1008-1012-1004"
            },
            {
              "status": "affected",
              "version": "1019-1009-1013-1003"
            },
            {
              "status": "affected",
              "version": "1019c-1012c-1014c-1001c-FFFF"
            },
            {
              "status": "affected",
              "version": "1022-1014-1016-1002-FFFF"
            },
            {
              "status": "affected",
              "version": "1022Y-1014Y-1016Y-1002Y-FFFF"
            },
            {
              "status": "affected",
              "version": "1023-1014-1017-1002-FFFF"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Gergely Eberhardt (SEARCH-LAB.hu)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "An unauthenticated command injection vulnerability exists in AVTECH DVR devices via Search.cgi?action=cgi_query. The use of wget without input sanitization allows attackers to inject shell commands through the username or queryb64str parameters, executing commands as root.\u0026nbsp;Exploitation evidence was observed by the Shadowserver Foundation on 2025-01-04 UTC."
            }
          ],
          "value": "An unauthenticated command injection vulnerability exists in AVTECH DVR devices via Search.cgi?action=cgi_query. The use of wget without input sanitization allows attackers to inject shell commands through the username or queryb64str parameters, executing commands as root.\u00a0Exploitation evidence was observed by the Shadowserver Foundation on 2025-01-04 UTC."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-88",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-88 OS Command Injection"
            }
          ]
        },
        {
          "capecId": "CAPEC-137",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-137 Parameter Injection"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 10,
            "baseSeverity": "CRITICAL",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "HIGH",
            "subConfidentialityImpact": "HIGH",
            "subIntegrityImpact": "HIGH",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-78",
              "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-11-20T20:51:31.936Z",
        "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "shortName": "VulnCheck"
      },
      "references": [
        {
          "tags": [
            "exploit"
          ],
          "url": "https://www.exploit-db.com/exploits/40500"
        },
        {
          "tags": [
            "product"
          ],
          "url": "https://avtech.com/"
        },
        {
          "tags": [
            "third-party-advisory",
            "technical-description"
          ],
          "url": "https://web.archive.org/web/20240810225729/https://www.search-lab.hu/advisories/126-AVTech-devices-multiple-vulnerabilities"
        },
        {
          "tags": [
            "exploit"
          ],
          "url": "https://web.archive.org/web/20161029201749/https://github.com/ebux/AVTECH"
        },
        {
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vulncheck.com/advisories/avtech-ipcamera-nvr-dvr-mulitple-vulns"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "tags": [
        "x_known-exploited-vulnerability"
      ],
      "title": "AVTECH IP camera, DVR, and NVR Devices Unauthenticated Command Injection",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
    "assignerShortName": "VulnCheck",
    "cveId": "CVE-2025-34054",
    "datePublished": "2025-07-01T14:46:00.832Z",
    "dateReserved": "2025-04-15T19:15:22.548Z",
    "dateUpdated": "2025-11-20T20:51:31.936Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}