CVE-2025-34050
5.1
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
Summary
A cross-site request forgery (CSRF) vulnerability exists in the web interface of AVTECH IP camera, DVR, and NVR devices. An attacker can craft malicious requests that, when executed in the context of an authenticated user’s browser session, allow unauthorized changes to the device configuration without user interaction.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| AVTECH | IP cameras | 0 | affected |
| AVTECH | DVR devices | 0 | affected |
| AVTECH | NVR devices | 0 | affected |
Weaknesses
- CWE-352: CWE-352 Cross-Site Request Forgery (CSRF)
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: poc
- Automatable: no
- Technical Impact: partial
References
- https://www.exploit-db.com/exploits/40500
- https://avtech.com/
- https://web.archive.org/web/20240810225729/https://www.search-lab.hu/advisories/126-AVTech-devices-multiple-vulnerabilities
- https://web.archive.org/web/20161029201749/https://github.com/ebux/AVTECH
- https://vulncheck.com/advisories/avtech-ipcamera-nvr-dvr-mulitple-vulns
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.