CVE-2025-34051 (GCVE-0-2025-34051)
Vulnerability from cvelistv5
Published
2025-07-01 14:44
Modified
2025-07-01 14:59
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
A server-side request forgery vulnerability exists in multiple firmware versions of AVTECH DVR devices that exposes the /cgi-bin/nobody/Search.cgi?action=cgi_query endpoint without authentication. An attacker can manipulate the ip, port, and queryb64str parameters to make arbitrary HTTP requests from the DVR to internal or external systems, potentially exposing sensitive data or interacting with internal services.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| AVTECH | DVR devices |
Version: 1001-1000-1000-1000 Version: 1001-1000-1001-1001 Version: 1002-1000-1002-1001 Version: 1002-1001-1001-1001 Version: 1004-1002-1001-1000 Version: 1004-1002-1003-1000-FFFF Version: 1004V-1002V-1003V-1001V Version: 1004Y-1002Y-1001EJ-1000Y Version: 1004Y-1002Y-1001Y-1000Y Version: 1005-1002-1002-1000 Version: 1005-1002-1004-1001 Version: 1006-1001-1003-1004 Version: 1006-1002-1003-1000 Version: 1006Y-1002Y-1003Y-1000Y Version: 1007-1002-1004-1000 Version: 1007-1003-1003-1002 Version: 1007-1003-1005-1001 Version: 1007E-1003E-1005EJ-1001E Version: 1007V-1003V-1005V-1001V Version: 1007Y-1002Y-1004Y-1000Y Version: 1008-1002-1005-1000 Version: 1008-1004-1003-1002 Version: 1009-1003-1005-1006 Version: 1009-1003-1006-1001 Version: 1009-1007-1007-1000-FFFF Version: 1009Y-1003Y-1006Y-1001Y Version: 1010-1004-1007-1001 Version: 1010-1005-1005-1002 Version: 1011-1004-1005-1006 Version: 1011-1005-1007-1001 Version: 1011-1005-1007EJ-1001 Version: 1011-1005-1008-1002 Version: 1012-1004-1005-1006 Version: 1012-1005-1007-1002 Version: 1012-1006-1007-1001 Version: 1012-1008-1009-1000-FFFF Version: 1014-1005-1009-1002 Version: 1014-1007-1009-1001 Version: 1014-1010-1010-1000-FFFF Version: 1014Y-1007Y-1009Y-1001Y Version: 1015-1006-1010-1003 Version: 1015-1007-1007-1007 Version: 1015-1007-1010-1001 Version: 1015-1010-1011-1000-FFFF Version: 1015Y-1007Y-1010Y-1001Y Version: 1016-1007-1005-1001 Version: 1016-1007-1011-1001 Version: 1016-1007-1011-1003 Version: 1016-1008-1007-1007 Version: 1016Y-1007Y-1011Y-1001Y Version: 1017-1008-1012-1002 Version: 1017-1009-1008-1008 Version: 1017-1011-1013-1001-FFFF Version: 1017f-1011f-1013f-1001f-FFFF Version: 1017Y-1008Y-1012Y-1002Y Version: 1018-1008-1012-1004 Version: 1019-1009-1013-1003 Version: 1019-1010-1009-1009 Version: 1019c-1012c-1014c-1001c-FFFF Version: 1021-1011-1010-1009 Version: 1022-1012-1011-1009 Version: 1022-1014-1016-1002-FFFF Version: 1022Y-1014Y-1016Y-1002Y-FFFF Version: 1023-1013-1011-1009 Version: 1023-1014-1017-1002-FFFF Version: 1025-1014-1013-1009 Version: 1026-1014-1014-1009 Version: 1027-1014-1015-1009 Version: S968-S968-S968-S968 Version: V171P-V171P-V171P-V171P Version: V189-V189-V189-V189 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-34051",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-01T14:57:37.177556Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-01T14:59:04.311Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"Search.cgi endpoint",
"ip parameter",
"port parameter",
"queryb64str parameter"
],
"product": "DVR devices",
"vendor": "AVTECH",
"versions": [
{
"status": "affected",
"version": "1001-1000-1000-1000"
},
{
"status": "affected",
"version": "1001-1000-1001-1001"
},
{
"status": "affected",
"version": "1002-1000-1002-1001"
},
{
"status": "unaffected",
"version": "1002-1001-1000-1000"
},
{
"status": "affected",
"version": "1002-1001-1001-1001"
},
{
"status": "affected",
"version": "1004-1002-1001-1000"
},
{
"status": "affected",
"version": "1004-1002-1003-1000-FFFF"
},
{
"status": "affected",
"version": "1004V-1002V-1003V-1001V"
},
{
"status": "affected",
"version": "1004Y-1002Y-1001EJ-1000Y"
},
{
"status": "affected",
"version": "1004Y-1002Y-1001Y-1000Y"
},
{
"status": "affected",
"version": "1005-1002-1002-1000"
},
{
"status": "affected",
"version": "1005-1002-1004-1001"
},
{
"status": "affected",
"version": "1006-1001-1003-1004"
},
{
"status": "affected",
"version": "1006-1002-1003-1000"
},
{
"status": "affected",
"version": "1006Y-1002Y-1003Y-1000Y"
},
{
"status": "affected",
"version": "1007-1002-1004-1000"
},
{
"status": "affected",
"version": "1007-1003-1003-1002"
},
{
"status": "affected",
"version": "1007-1003-1005-1001"
},
{
"status": "affected",
"version": "1007E-1003E-1005EJ-1001E"
},
{
"status": "affected",
"version": "1007V-1003V-1005V-1001V"
},
{
"status": "affected",
"version": "1007Y-1002Y-1004Y-1000Y"
},
{
"status": "affected",
"version": "1008-1002-1005-1000"
},
{
"status": "affected",
"version": "1008-1004-1003-1002"
},
{
"status": "affected",
"version": "1009-1003-1005-1006"
},
{
"status": "affected",
"version": "1009-1003-1006-1001"
},
{
"status": "affected",
"version": "1009-1007-1007-1000-FFFF"
},
{
"status": "affected",
"version": "1009Y-1003Y-1006Y-1001Y"
},
{
"status": "affected",
"version": "1010-1004-1007-1001"
},
{
"status": "affected",
"version": "1010-1005-1005-1002"
},
{
"status": "affected",
"version": "1011-1004-1005-1006"
},
{
"status": "affected",
"version": "1011-1005-1007-1001"
},
{
"status": "affected",
"version": "1011-1005-1007EJ-1001"
},
{
"status": "affected",
"version": "1011-1005-1008-1002"
},
{
"status": "affected",
"version": "1012-1004-1005-1006"
},
{
"status": "affected",
"version": "1012-1005-1007-1002"
},
{
"status": "affected",
"version": "1012-1006-1007-1001"
},
{
"status": "affected",
"version": "1012-1008-1009-1000-FFFF"
},
{
"status": "affected",
"version": "1014-1005-1009-1002"
},
{
"status": "affected",
"version": "1014-1007-1009-1001"
},
{
"status": "affected",
"version": "1014-1010-1010-1000-FFFF"
},
{
"status": "affected",
"version": "1014Y-1007Y-1009Y-1001Y"
},
{
"status": "affected",
"version": "1015-1006-1010-1003"
},
{
"status": "affected",
"version": "1015-1007-1007-1007"
},
{
"status": "affected",
"version": "1015-1007-1010-1001"
},
{
"status": "affected",
"version": "1015-1010-1011-1000-FFFF"
},
{
"status": "affected",
"version": "1015Y-1007Y-1010Y-1001Y"
},
{
"status": "affected",
"version": "1016-1007-1005-1001"
},
{
"status": "affected",
"version": "1016-1007-1011-1001"
},
{
"status": "affected",
"version": "1016-1007-1011-1003"
},
{
"status": "affected",
"version": "1016-1008-1007-1007"
},
{
"status": "affected",
"version": "1016Y-1007Y-1011Y-1001Y"
},
{
"status": "affected",
"version": "1017-1008-1012-1002"
},
{
"status": "affected",
"version": "1017-1009-1008-1008"
},
{
"status": "affected",
"version": "1017-1011-1013-1001-FFFF"
},
{
"status": "affected",
"version": "1017f-1011f-1013f-1001f-FFFF"
},
{
"status": "affected",
"version": "1017Y-1008Y-1012Y-1002Y"
},
{
"status": "affected",
"version": "1018-1008-1012-1004"
},
{
"status": "affected",
"version": "1019-1009-1013-1003"
},
{
"status": "affected",
"version": "1019-1010-1009-1009"
},
{
"status": "affected",
"version": "1019c-1012c-1014c-1001c-FFFF"
},
{
"status": "affected",
"version": "1021-1011-1010-1009"
},
{
"status": "affected",
"version": "1022-1012-1011-1009"
},
{
"status": "affected",
"version": "1022-1014-1016-1002-FFFF"
},
{
"status": "affected",
"version": "1022Y-1014Y-1016Y-1002Y-FFFF"
},
{
"status": "affected",
"version": "1023-1013-1011-1009"
},
{
"status": "affected",
"version": "1023-1014-1017-1002-FFFF"
},
{
"status": "affected",
"version": "1025-1014-1013-1009"
},
{
"status": "affected",
"version": "1026-1014-1014-1009"
},
{
"status": "affected",
"version": "1027-1014-1015-1009"
},
{
"status": "affected",
"version": "S968-S968-S968-S968"
},
{
"status": "affected",
"version": "V171P-V171P-V171P-V171P"
},
{
"status": "affected",
"version": "V189-V189-V189-V189"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Gergely Eberhardt (SEARCH-LAB.hu)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A server-side request forgery vulnerability exists in multiple firmware versions of AVTECH DVR devices that exposes the \u003ccode\u003e/cgi-bin/nobody/Search.cgi?action=cgi_query\u003c/code\u003e endpoint without authentication. An attacker can manipulate the \u003ccode\u003eip\u003c/code\u003e, \u003ccode\u003eport\u003c/code\u003e, and \u003ccode\u003equeryb64str\u003c/code\u003e parameters to make arbitrary HTTP requests from the DVR to internal or external systems, potentially exposing sensitive data or interacting with internal services."
}
],
"value": "A server-side request forgery vulnerability exists in multiple firmware versions of AVTECH DVR devices that exposes the /cgi-bin/nobody/Search.cgi?action=cgi_query endpoint without authentication. An attacker can manipulate the ip, port, and queryb64str parameters to make arbitrary HTTP requests from the DVR to internal or external systems, potentially exposing sensitive data or interacting with internal services."
}
],
"impacts": [
{
"capecId": "CAPEC-664",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-664 Server Side Request Forgery"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:L",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918 Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-01T14:44:22.913Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/40500"
},
{
"tags": [
"product"
],
"url": "https://avtech.com/"
},
{
"tags": [
"third-party-advisory",
"technical-description"
],
"url": "https://web.archive.org/web/20240810225729/https://www.search-lab.hu/advisories/126-AVTech-devices-multiple-vulnerabilities"
},
{
"tags": [
"exploit"
],
"url": "https://web.archive.org/web/20161029201749/https://github.com/ebux/AVTECH"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://vulncheck.com/advisories/avtech-ipcamera-nvr-dvr-mulitple-vulns"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "AVTECH DVR Devices Server-Side Request Forgery",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2025-34051",
"datePublished": "2025-07-01T14:44:22.913Z",
"dateReserved": "2025-04-15T19:15:22.548Z",
"dateUpdated": "2025-07-01T14:59:04.311Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2025-34051\",\"sourceIdentifier\":\"disclosure@vulncheck.com\",\"published\":\"2025-07-01T15:15:23.467\",\"lastModified\":\"2025-07-03T15:14:12.767\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A server-side request forgery vulnerability exists in multiple firmware versions of AVTECH DVR devices that exposes the /cgi-bin/nobody/Search.cgi?action=cgi_query endpoint without authentication. An attacker can manipulate the ip, port, and queryb64str parameters to make arbitrary HTTP requests from the DVR to internal or external systems, potentially exposing sensitive data or interacting with internal services.\"},{\"lang\":\"es\",\"value\":\"Existe una vulnerabilidad de server-side request forgery en varias versiones de firmware de los dispositivos AVTECH DVR que expone el endpoint /cgi-bin/nobody/Search.cgi?action=cgi_query sin autenticaci\u00f3n. Un atacante puede manipular los par\u00e1metros IP, puerto y queryb64str para realizar solicitudes HTTP arbitrarias desde el DVR a sistemas internos o externos, lo que podr\u00eda exponer datos confidenciales o interactuar con servicios internos.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"disclosure@vulncheck.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":6.9,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"NONE\",\"vulnIntegrityImpact\":\"LOW\",\"vulnAvailabilityImpact\":\"NONE\",\"subConfidentialityImpact\":\"LOW\",\"subIntegrityImpact\":\"LOW\",\"subAvailabilityImpact\":\"LOW\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}]},\"weaknesses\":[{\"source\":\"disclosure@vulncheck.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-200\"},{\"lang\":\"en\",\"value\":\"CWE-918\"}]}],\"references\":[{\"url\":\"https://avtech.com/\",\"source\":\"disclosure@vulncheck.com\"},{\"url\":\"https://vulncheck.com/advisories/avtech-ipcamera-nvr-dvr-mulitple-vulns\",\"source\":\"disclosure@vulncheck.com\"},{\"url\":\"https://web.archive.org/web/20161029201749/https://github.com/ebux/AVTECH\",\"source\":\"disclosure@vulncheck.com\"},{\"url\":\"https://web.archive.org/web/20240810225729/https://www.search-lab.hu/advisories/126-AVTech-devices-multiple-vulnerabilities\",\"source\":\"disclosure@vulncheck.com\"},{\"url\":\"https://www.exploit-db.com/exploits/40500\",\"source\":\"disclosure@vulncheck.com\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-34051\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-07-01T14:57:37.177556Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-07-01T14:54:53.451Z\"}}], \"cna\": {\"title\": \"AVTECH DVR Devices Server-Side Request Forgery\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Gergely Eberhardt (SEARCH-LAB.hu)\"}], \"impacts\": [{\"capecId\": \"CAPEC-664\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-664 Server Side Request Forgery\"}]}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV4_0\": {\"Safety\": \"NOT_DEFINED\", \"version\": \"4.0\", \"Recovery\": \"NOT_DEFINED\", \"baseScore\": 6.9, \"Automatable\": \"NOT_DEFINED\", \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"valueDensity\": \"NOT_DEFINED\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:L\", \"providerUrgency\": \"NOT_DEFINED\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"NONE\", \"subIntegrityImpact\": \"LOW\", \"vulnIntegrityImpact\": \"LOW\", \"subAvailabilityImpact\": \"LOW\", \"vulnAvailabilityImpact\": \"NONE\", \"subConfidentialityImpact\": \"LOW\", \"vulnConfidentialityImpact\": \"NONE\", \"vulnerabilityResponseEffort\": \"NOT_DEFINED\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"AVTECH\", \"modules\": [\"Search.cgi endpoint\", \"ip parameter\", \"port parameter\", \"queryb64str parameter\"], \"product\": \"DVR devices\", \"versions\": [{\"status\": \"affected\", \"version\": \"1001-1000-1000-1000\"}, {\"status\": \"affected\", \"version\": \"1001-1000-1001-1001\"}, {\"status\": \"affected\", \"version\": \"1002-1000-1002-1001\"}, {\"status\": \"unaffected\", \"version\": \"1002-1001-1000-1000\"}, {\"status\": \"affected\", \"version\": \"1002-1001-1001-1001\"}, {\"status\": \"affected\", \"version\": \"1004-1002-1001-1000\"}, {\"status\": \"affected\", \"version\": \"1004-1002-1003-1000-FFFF\"}, {\"status\": \"affected\", \"version\": \"1004V-1002V-1003V-1001V\"}, {\"status\": \"affected\", \"version\": \"1004Y-1002Y-1001EJ-1000Y\"}, {\"status\": \"affected\", \"version\": \"1004Y-1002Y-1001Y-1000Y\"}, {\"status\": \"affected\", \"version\": \"1005-1002-1002-1000\"}, {\"status\": \"affected\", \"version\": \"1005-1002-1004-1001\"}, {\"status\": \"affected\", \"version\": \"1006-1001-1003-1004\"}, {\"status\": \"affected\", \"version\": \"1006-1002-1003-1000\"}, {\"status\": \"affected\", \"version\": \"1006Y-1002Y-1003Y-1000Y\"}, {\"status\": \"affected\", \"version\": \"1007-1002-1004-1000\"}, {\"status\": \"affected\", \"version\": \"1007-1003-1003-1002\"}, {\"status\": \"affected\", \"version\": \"1007-1003-1005-1001\"}, {\"status\": \"affected\", \"version\": \"1007E-1003E-1005EJ-1001E\"}, {\"status\": \"affected\", \"version\": \"1007V-1003V-1005V-1001V\"}, {\"status\": \"affected\", \"version\": \"1007Y-1002Y-1004Y-1000Y\"}, {\"status\": \"affected\", \"version\": \"1008-1002-1005-1000\"}, {\"status\": \"affected\", \"version\": \"1008-1004-1003-1002\"}, {\"status\": \"affected\", \"version\": \"1009-1003-1005-1006\"}, {\"status\": \"affected\", \"version\": \"1009-1003-1006-1001\"}, {\"status\": \"affected\", \"version\": \"1009-1007-1007-1000-FFFF\"}, {\"status\": \"affected\", \"version\": \"1009Y-1003Y-1006Y-1001Y\"}, {\"status\": \"affected\", \"version\": \"1010-1004-1007-1001\"}, {\"status\": \"affected\", \"version\": \"1010-1005-1005-1002\"}, {\"status\": \"affected\", \"version\": \"1011-1004-1005-1006\"}, {\"status\": \"affected\", \"version\": \"1011-1005-1007-1001\"}, {\"status\": \"affected\", \"version\": \"1011-1005-1007EJ-1001\"}, {\"status\": \"affected\", \"version\": \"1011-1005-1008-1002\"}, {\"status\": \"affected\", \"version\": \"1012-1004-1005-1006\"}, {\"status\": \"affected\", \"version\": \"1012-1005-1007-1002\"}, {\"status\": \"affected\", \"version\": \"1012-1006-1007-1001\"}, {\"status\": \"affected\", \"version\": \"1012-1008-1009-1000-FFFF\"}, {\"status\": \"affected\", \"version\": \"1014-1005-1009-1002\"}, {\"status\": \"affected\", \"version\": \"1014-1007-1009-1001\"}, {\"status\": \"affected\", \"version\": \"1014-1010-1010-1000-FFFF\"}, {\"status\": \"affected\", \"version\": \"1014Y-1007Y-1009Y-1001Y\"}, {\"status\": \"affected\", \"version\": \"1015-1006-1010-1003\"}, {\"status\": \"affected\", \"version\": \"1015-1007-1007-1007\"}, {\"status\": \"affected\", \"version\": \"1015-1007-1010-1001\"}, {\"status\": \"affected\", \"version\": \"1015-1010-1011-1000-FFFF\"}, {\"status\": \"affected\", \"version\": \"1015Y-1007Y-1010Y-1001Y\"}, {\"status\": \"affected\", \"version\": \"1016-1007-1005-1001\"}, {\"status\": \"affected\", \"version\": \"1016-1007-1011-1001\"}, {\"status\": \"affected\", \"version\": \"1016-1007-1011-1003\"}, {\"status\": \"affected\", \"version\": \"1016-1008-1007-1007\"}, {\"status\": \"affected\", \"version\": \"1016Y-1007Y-1011Y-1001Y\"}, {\"status\": \"affected\", \"version\": \"1017-1008-1012-1002\"}, {\"status\": \"affected\", \"version\": \"1017-1009-1008-1008\"}, {\"status\": \"affected\", \"version\": \"1017-1011-1013-1001-FFFF\"}, {\"status\": \"affected\", \"version\": \"1017f-1011f-1013f-1001f-FFFF\"}, {\"status\": \"affected\", \"version\": \"1017Y-1008Y-1012Y-1002Y\"}, {\"status\": \"affected\", \"version\": \"1018-1008-1012-1004\"}, {\"status\": \"affected\", \"version\": \"1019-1009-1013-1003\"}, {\"status\": \"affected\", \"version\": \"1019-1010-1009-1009\"}, {\"status\": \"affected\", \"version\": \"1019c-1012c-1014c-1001c-FFFF\"}, {\"status\": \"affected\", \"version\": \"1021-1011-1010-1009\"}, {\"status\": \"affected\", \"version\": \"1022-1012-1011-1009\"}, {\"status\": \"affected\", \"version\": \"1022-1014-1016-1002-FFFF\"}, {\"status\": \"affected\", \"version\": \"1022Y-1014Y-1016Y-1002Y-FFFF\"}, {\"status\": \"affected\", \"version\": \"1023-1013-1011-1009\"}, {\"status\": \"affected\", \"version\": \"1023-1014-1017-1002-FFFF\"}, {\"status\": \"affected\", \"version\": \"1025-1014-1013-1009\"}, {\"status\": \"affected\", \"version\": \"1026-1014-1014-1009\"}, {\"status\": \"affected\", \"version\": \"1027-1014-1015-1009\"}, {\"status\": \"affected\", \"version\": \"S968-S968-S968-S968\"}, {\"status\": \"affected\", \"version\": \"V171P-V171P-V171P-V171P\"}, {\"status\": \"affected\", \"version\": \"V189-V189-V189-V189\"}], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://www.exploit-db.com/exploits/40500\", \"tags\": [\"exploit\"]}, {\"url\": \"https://avtech.com/\", \"tags\": [\"product\"]}, {\"url\": \"https://web.archive.org/web/20240810225729/https://www.search-lab.hu/advisories/126-AVTech-devices-multiple-vulnerabilities\", \"tags\": [\"third-party-advisory\", \"technical-description\"]}, {\"url\": \"https://web.archive.org/web/20161029201749/https://github.com/ebux/AVTECH\", \"tags\": [\"exploit\"]}, {\"url\": \"https://vulncheck.com/advisories/avtech-ipcamera-nvr-dvr-mulitple-vulns\", \"tags\": [\"third-party-advisory\"]}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"A server-side request forgery vulnerability exists in multiple firmware versions of AVTECH DVR devices that exposes the /cgi-bin/nobody/Search.cgi?action=cgi_query endpoint without authentication. An attacker can manipulate the ip, port, and queryb64str parameters to make arbitrary HTTP requests from the DVR to internal or external systems, potentially exposing sensitive data or interacting with internal services.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"A server-side request forgery vulnerability exists in multiple firmware versions of AVTECH DVR devices that exposes the \u003ccode\u003e/cgi-bin/nobody/Search.cgi?action=cgi_query\u003c/code\u003e endpoint without authentication. An attacker can manipulate the \u003ccode\u003eip\u003c/code\u003e, \u003ccode\u003eport\u003c/code\u003e, and \u003ccode\u003equeryb64str\u003c/code\u003e parameters to make arbitrary HTTP requests from the DVR to internal or external systems, potentially exposing sensitive data or interacting with internal services.\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-918\", \"description\": \"CWE-918 Server-Side Request Forgery (SSRF)\"}]}, {\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-200\", \"description\": \"CWE-200 Exposure of Sensitive Information to an Unauthorized Actor\"}]}], \"providerMetadata\": {\"orgId\": \"83251b91-4cc7-4094-a5c7-464a1b83ea10\", \"shortName\": \"VulnCheck\", \"dateUpdated\": \"2025-07-01T14:44:22.913Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2025-34051\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-07-01T14:59:04.311Z\", \"dateReserved\": \"2025-04-15T19:15:22.548Z\", \"assignerOrgId\": \"83251b91-4cc7-4094-a5c7-464a1b83ea10\", \"datePublished\": \"2025-07-01T14:44:22.913Z\", \"assignerShortName\": \"VulnCheck\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…