CVE-2025-34051

Summary

A server-side request forgery vulnerability exists in multiple firmware versions of AVTECH DVR devices that exposes the /cgi-bin/nobody/Search.cgi?action=cgi_query endpoint without authentication. An attacker can manipulate the ip, port, and queryb64str parameters to make arbitrary HTTP requests from the DVR to internal or external systems, potentially exposing sensitive data or interacting with internal services.

Affected Software

VendorProductVersion RangeStatus
AVTECHDVR devices1001-1000-1000-1000affected
AVTECHDVR devices1001-1000-1001-1001affected
AVTECHDVR devices1002-1000-1002-1001affected
AVTECHDVR devices1002-1001-1000-1000unaffected
AVTECHDVR devices1002-1001-1001-1001affected
AVTECHDVR devices1004-1002-1001-1000affected
AVTECHDVR devices1004-1002-1003-1000-FFFFaffected
AVTECHDVR devices1004V-1002V-1003V-1001Vaffected
AVTECHDVR devices1004Y-1002Y-1001EJ-1000Yaffected
AVTECHDVR devices1004Y-1002Y-1001Y-1000Yaffected
AVTECHDVR devices1005-1002-1002-1000affected
AVTECHDVR devices1005-1002-1004-1001affected
AVTECHDVR devices1006-1001-1003-1004affected
AVTECHDVR devices1006-1002-1003-1000affected
AVTECHDVR devices1006Y-1002Y-1003Y-1000Yaffected
AVTECHDVR devices1007-1002-1004-1000affected
AVTECHDVR devices1007-1003-1003-1002affected
AVTECHDVR devices1007-1003-1005-1001affected
AVTECHDVR devices1007E-1003E-1005EJ-1001Eaffected
AVTECHDVR devices1007V-1003V-1005V-1001Vaffected
AVTECHDVR devices1007Y-1002Y-1004Y-1000Yaffected
AVTECHDVR devices1008-1002-1005-1000affected
AVTECHDVR devices1008-1004-1003-1002affected
AVTECHDVR devices1009-1003-1005-1006affected
AVTECHDVR devices1009-1003-1006-1001affected
AVTECHDVR devices1009-1007-1007-1000-FFFFaffected
AVTECHDVR devices1009Y-1003Y-1006Y-1001Yaffected
AVTECHDVR devices1010-1004-1007-1001affected
AVTECHDVR devices1010-1005-1005-1002affected
AVTECHDVR devices1011-1004-1005-1006affected
AVTECHDVR devices1011-1005-1007-1001affected
AVTECHDVR devices1011-1005-1007EJ-1001affected
AVTECHDVR devices1011-1005-1008-1002affected
AVTECHDVR devices1012-1004-1005-1006affected
AVTECHDVR devices1012-1005-1007-1002affected
AVTECHDVR devices1012-1006-1007-1001affected
AVTECHDVR devices1012-1008-1009-1000-FFFFaffected
AVTECHDVR devices1014-1005-1009-1002affected
AVTECHDVR devices1014-1007-1009-1001affected
AVTECHDVR devices1014-1010-1010-1000-FFFFaffected
AVTECHDVR devices1014Y-1007Y-1009Y-1001Yaffected
AVTECHDVR devices1015-1006-1010-1003affected
AVTECHDVR devices1015-1007-1007-1007affected
AVTECHDVR devices1015-1007-1010-1001affected
AVTECHDVR devices1015-1010-1011-1000-FFFFaffected
AVTECHDVR devices1015Y-1007Y-1010Y-1001Yaffected
AVTECHDVR devices1016-1007-1005-1001affected
AVTECHDVR devices1016-1007-1011-1001affected
AVTECHDVR devices1016-1007-1011-1003affected
AVTECHDVR devices1016-1008-1007-1007affected
AVTECHDVR devices1016Y-1007Y-1011Y-1001Yaffected
AVTECHDVR devices1017-1008-1012-1002affected
AVTECHDVR devices1017-1009-1008-1008affected
AVTECHDVR devices1017-1011-1013-1001-FFFFaffected
AVTECHDVR devices1017f-1011f-1013f-1001f-FFFFaffected
AVTECHDVR devices1017Y-1008Y-1012Y-1002Yaffected
AVTECHDVR devices1018-1008-1012-1004affected
AVTECHDVR devices1019-1009-1013-1003affected
AVTECHDVR devices1019-1010-1009-1009affected
AVTECHDVR devices1019c-1012c-1014c-1001c-FFFFaffected
AVTECHDVR devices1021-1011-1010-1009affected
AVTECHDVR devices1022-1012-1011-1009affected
AVTECHDVR devices1022-1014-1016-1002-FFFFaffected
AVTECHDVR devices1022Y-1014Y-1016Y-1002Y-FFFFaffected
AVTECHDVR devices1023-1013-1011-1009affected
AVTECHDVR devices1023-1014-1017-1002-FFFFaffected
AVTECHDVR devices1025-1014-1013-1009affected
AVTECHDVR devices1026-1014-1014-1009affected
AVTECHDVR devices1027-1014-1015-1009affected
AVTECHDVR devicesS968-S968-S968-S968affected
AVTECHDVR devicesV171P-V171P-V171P-V171Paffected
AVTECHDVR devicesV189-V189-V189-V189affected

Weaknesses

  • CWE-918: CWE-918 Server-Side Request Forgery (SSRF)
  • CWE-200: CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: yes
    • Technical Impact: partial

References