CVE-2025-34065
6.9
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
Summary
An authentication bypass vulnerability exists in AVTECH IP camera, DVR, and NVR devices’ streamd web server. The strstr() function allows unauthenticated access to any request containing "/nobody" in the URL, bypassing login controls.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| AVTECH | IP camera, DVR, and NVR Devices | 1000-1000-1000-1000 | affected |
| AVTECH | IP camera, DVR, and NVR Devices | 1000C-1000C-1000C-1000C | affected |
| AVTECH | IP camera, DVR, and NVR Devices | 1001-1000-1000-1000 | affected |
| AVTECH | IP camera, DVR, and NVR Devices | 1001-1001-1000-1000 | affected |
| AVTECH | IP camera, DVR, and NVR Devices | 1002-1000-1000-1000 | affected |
| AVTECH | IP camera, DVR, and NVR Devices | 1002-1002-1000-1002 | affected |
| AVTECH | IP camera, DVR, and NVR Devices | 1002D-1000D-1000D-1000D | affected |
| AVTECH | IP camera, DVR, and NVR Devices | 1003-1000-1000-1001 | affected |
| AVTECH | IP camera, DVR, and NVR Devices | 1003-1001-1001-1000 | affected |
| AVTECH | IP camera, DVR, and NVR Devices | 1003-1002-1001-1000 | affected |
| AVTECH | IP camera, DVR, and NVR Devices | 1004-1000-1000-1000 | affected |
| AVTECH | IP camera, DVR, and NVR Devices | 1004-1001-1001-1001 | affected |
| AVTECH | IP camera, DVR, and NVR Devices | 1004-1002-1000-1001 | affected |
| AVTECH | IP camera, DVR, and NVR Devices | 1004-1003-1001-1002 | affected |
| AVTECH | IP camera, DVR, and NVR Devices | 1004-1003-1002-1001 | affected |
| AVTECH | IP camera, DVR, and NVR Devices | 1004A-1001A-1002A-1000A | affected |
| AVTECH | IP camera, DVR, and NVR Devices | 1005-1002-1001-1002 | affected |
| AVTECH | IP camera, DVR, and NVR Devices | 1005-1003-1001-1002 | affected |
| AVTECH | IP camera, DVR, and NVR Devices | 1005-1004-1002-1001 | affected |
| AVTECH | IP camera, DVR, and NVR Devices | 1005A-1001A-1002A-1001A | affected |
| AVTECH | IP camera, DVR, and NVR Devices | 1005D-1001D-1002D-1001D | affected |
| AVTECH | IP camera, DVR, and NVR Devices | 1006-1002-1001-1002 | affected |
| AVTECH | IP camera, DVR, and NVR Devices | 1006-1003-1001-1001 | affected |
| AVTECH | IP camera, DVR, and NVR Devices | 1006-1004-1003-1001 | affected |
| AVTECH | IP camera, DVR, and NVR Devices | 1007-1001-1003-1001 | affected |
| AVTECH | IP camera, DVR, and NVR Devices | 1007-1001-1004-1003 | affected |
| AVTECH | IP camera, DVR, and NVR Devices | 1007-1002-1001-1000 | affected |
| AVTECH | IP camera, DVR, and NVR Devices | 1007-1002-1001-1003 | affected |
| AVTECH | IP camera, DVR, and NVR Devices | 1007-1002-1003-1002 | affected |
| AVTECH | IP camera, DVR, and NVR Devices | 1007-1004-1003-1001 | affected |
| AVTECH | IP camera, DVR, and NVR Devices | 1008-1001-1003-1002 | affected |
| AVTECH | IP camera, DVR, and NVR Devices | 1008-1004-1004-1001 | affected |
| AVTECH | IP camera, DVR, and NVR Devices | 1008D-1003D-1004D-1002D | affected |
| AVTECH | IP camera, DVR, and NVR Devices | 1008J-1004J-1004J-1001J | affected |
| AVTECH | IP camera, DVR, and NVR Devices | 1009-1001-1004-1001 | affected |
| AVTECH | IP camera, DVR, and NVR Devices | 1009-1002-1005-1003 | affected |
| AVTECH | IP camera, DVR, and NVR Devices | 1009-1003-1001-1003 | affected |
| AVTECH | IP camera, DVR, and NVR Devices | 1009-1003-1005-1002 | affected |
| AVTECH | IP camera, DVR, and NVR Devices | 1010-1001-1004-1001 | affected |
| AVTECH | IP camera, DVR, and NVR Devices | 1010-1001-1004-1002 | affected |
| AVTECH | IP camera, DVR, and NVR Devices | 1010-1003-1005-1002 | affected |
| AVTECH | IP camera, DVR, and NVR Devices | 1010-1003-1006-1003 | affected |
| AVTECH | IP camera, DVR, and NVR Devices | 1010-1003-1006-1004 | affected |
| AVTECH | IP camera, DVR, and NVR Devices | 1010-1004-1007-1001 | affected |
| AVTECH | IP camera, DVR, and NVR Devices | 1010J-1001J-1004J-1001J | affected |
| AVTECH | IP camera, DVR, and NVR Devices | 1010N-1003N-1005N-1002N | affected |
| AVTECH | IP camera, DVR, and NVR Devices | 1011-1001-1002A-1002 | affected |
| AVTECH | IP camera, DVR, and NVR Devices | 1011-1001-1002D-1002 | affected |
| AVTECH | IP camera, DVR, and NVR Devices | 1011-1001-1003-1002 | affected |
| AVTECH | IP camera, DVR, and NVR Devices | 1011-1001-1004-1002 | affected |
| AVTECH | IP camera, DVR, and NVR Devices | 1011-1001-1005-1002 | affected |
| AVTECH | IP camera, DVR, and NVR Devices | 1011-1004-1005-1002 | affected |
Weaknesses
- CWE-290: CWE-290 Authentication Bypass by Spoofing
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: poc
- Automatable: no
- Technical Impact: partial
References
- https://www.exploit-db.com/exploits/40500
- https://avtech.com/
- https://web.archive.org/web/20240810225729/https://www.search-lab.hu/advisories/126-AVTech-devices-multiple-vulnerabilities
- https://web.archive.org/web/20161029201749/https://github.com/ebux/AVTECH
- https://vulncheck.com/advisories/avtech-ipcamera-nvr-dvr-mulitple-vulns
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.