CVE-2025-34054

Summary

An unauthenticated command injection vulnerability exists in AVTECH DVR devices via Search.cgi?action=cgi_query. The use of wget without input sanitization allows attackers to inject shell commands through the username or queryb64str parameters, executing commands as root. Exploitation evidence was observed by the Shadowserver Foundation on 2025-01-04 UTC.

Affected Software

VendorProductVersion RangeStatus
AVTECHIP camera, DVR, and NVR Devices1008-1002-1005-1000affected
AVTECHIP camera, DVR, and NVR Devices1009-1003-1006-1001affected
AVTECHIP camera, DVR, and NVR Devices1009Y-1003Y-1006Y-1001Yaffected
AVTECHIP camera, DVR, and NVR Devices1010-1004-1007-1001affected
AVTECHIP camera, DVR, and NVR Devices1011-1005-1008-1002affected
AVTECHIP camera, DVR, and NVR Devices1014-1005-1009-1002affected
AVTECHIP camera, DVR, and NVR Devices1015-1006-1010-1003affected
AVTECHIP camera, DVR, and NVR Devices1016-1007-1011-1003affected
AVTECHIP camera, DVR, and NVR Devices1017-1008-1012-1002affected
AVTECHIP camera, DVR, and NVR Devices1017Y-1008Y-1012Y-1002Yaffected
AVTECHIP camera, DVR, and NVR Devices1018-1008-1012-1004affected
AVTECHIP camera, DVR, and NVR Devices1019-1009-1013-1003affected
AVTECHIP camera, DVR, and NVR Devices1019c-1012c-1014c-1001c-FFFFaffected
AVTECHIP camera, DVR, and NVR Devices1022-1014-1016-1002-FFFFaffected
AVTECHIP camera, DVR, and NVR Devices1022Y-1014Y-1016Y-1002Y-FFFFaffected
AVTECHIP camera, DVR, and NVR Devices1023-1014-1017-1002-FFFFaffected

Weaknesses

  • CWE-78: CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: yes
    • Technical Impact: total

References