GCVE - cpe:2.3:a:avtech:dvr_devices:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:avtech:dvr_devices:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	Avtech (`064374b9-08a7-5b62-a2bd-77f43f7d6e76`)
Product	Dvr Devices (`96235bb7-159e-565f-a8b9-602cfdfa4448`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2025-34066`	vulnerable	2026-06-03 15:00:43.525207	AVTECH IP camera, DVR, and NVR Devices Unauthenticated Information Disclosure An improper certificate validation vulnerability exists in AVTECH IP cameras, DVRs, and NVRs due to the use of wget with --no-check-certificate in scripts like SyncCloudAccount.sh and SyncPermit.sh. This exposes HTTPS communications to man-in-the-middle (MITM) attacks. Published: 2025-07-01T14:47:44.573Z Updated: 2026-04-07T14:09:19.390Z Open on db.gcve.eu Reference links https://www.exploit-db.com/exploits/40500 https://avtech.com/ https://web.archive.org/web/20240810225729/https://www.search-lab.hu/advisories/126-AVTech-devices-multiple-vulnerabilities https://web.archive.org/web/20161029201749/https://github.com/ebux/AVTECH https://vulncheck.com/advisories/avtech-ipcamera-nvr-dvr-mulitple-vulns	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-34051`	vulnerable	2026-06-03 15:00:43.501675	AVTECH DVR Devices Server-Side Request Forgery A server-side request forgery vulnerability exists in multiple firmware versions of AVTECH DVR devices that exposes the /cgi-bin/nobody/Search.cgi?action=cgi_query endpoint without authentication. An attacker can manipulate the ip, port, and queryb64str parameters to make arbitrary HTTP requests from the DVR to internal or external systems, potentially exposing sensitive data or interacting with internal services. Published: 2025-07-01T14:44:22.913Z Updated: 2026-04-07T14:09:14.685Z Open on db.gcve.eu Reference links https://www.exploit-db.com/exploits/40500 https://avtech.com/ https://web.archive.org/web/20240810225729/https://www.search-lab.hu/advisories/126-AVTech-devices-multiple-vulnerabilities https://web.archive.org/web/20161029201749/https://github.com/ebux/AVTECH https://vulncheck.com/advisories/avtech-ipcamera-nvr-dvr-mulitple-vulns	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-34050`	vulnerable	2026-06-03 15:00:43.499526	AVTECH IP Camera, DVR, and NVR Devices Cross-Site Request Forgery A cross-site request forgery (CSRF) vulnerability exists in the web interface of AVTECH IP camera, DVR, and NVR devices. An attacker can craft malicious requests that, when executed in the context of an authenticated user’s browser session, allow unauthorized changes to the device configuration without user interaction. Published: 2025-07-01T14:42:57.143Z Updated: 2026-04-07T14:09:13.996Z Open on db.gcve.eu Reference links https://www.exploit-db.com/exploits/40500 https://avtech.com/ https://web.archive.org/web/20240810225729/https://www.search-lab.hu/advisories/126-AVTech-devices-multiple-vulnerabilities https://web.archive.org/web/20161029201749/https://github.com/ebux/AVTECH https://vulncheck.com/advisories/avtech-ipcamera-nvr-dvr-mulitple-vulns	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.