CVE-2025-34065

Summary

An authentication bypass vulnerability exists in AVTECH IP camera, DVR, and NVR devices’ streamd web server. The strstr() function allows unauthenticated access to any request containing "/nobody" in the URL, bypassing login controls.

Affected Software

VendorProductVersion RangeStatus
AVTECHIP camera, DVR, and NVR Devices1000-1000-1000-1000affected
AVTECHIP camera, DVR, and NVR Devices1000C-1000C-1000C-1000Caffected
AVTECHIP camera, DVR, and NVR Devices1001-1000-1000-1000affected
AVTECHIP camera, DVR, and NVR Devices1001-1001-1000-1000affected
AVTECHIP camera, DVR, and NVR Devices1002-1000-1000-1000affected
AVTECHIP camera, DVR, and NVR Devices1002-1002-1000-1002affected
AVTECHIP camera, DVR, and NVR Devices1002D-1000D-1000D-1000Daffected
AVTECHIP camera, DVR, and NVR Devices1003-1000-1000-1001affected
AVTECHIP camera, DVR, and NVR Devices1003-1001-1001-1000affected
AVTECHIP camera, DVR, and NVR Devices1003-1002-1001-1000affected
AVTECHIP camera, DVR, and NVR Devices1004-1000-1000-1000affected
AVTECHIP camera, DVR, and NVR Devices1004-1001-1001-1001affected
AVTECHIP camera, DVR, and NVR Devices1004-1002-1000-1001affected
AVTECHIP camera, DVR, and NVR Devices1004-1003-1001-1002affected
AVTECHIP camera, DVR, and NVR Devices1004-1003-1002-1001affected
AVTECHIP camera, DVR, and NVR Devices1004A-1001A-1002A-1000Aaffected
AVTECHIP camera, DVR, and NVR Devices1005-1002-1001-1002affected
AVTECHIP camera, DVR, and NVR Devices1005-1003-1001-1002affected
AVTECHIP camera, DVR, and NVR Devices1005-1004-1002-1001affected
AVTECHIP camera, DVR, and NVR Devices1005A-1001A-1002A-1001Aaffected
AVTECHIP camera, DVR, and NVR Devices1005D-1001D-1002D-1001Daffected
AVTECHIP camera, DVR, and NVR Devices1006-1002-1001-1002affected
AVTECHIP camera, DVR, and NVR Devices1006-1003-1001-1001affected
AVTECHIP camera, DVR, and NVR Devices1006-1004-1003-1001affected
AVTECHIP camera, DVR, and NVR Devices1007-1001-1003-1001affected
AVTECHIP camera, DVR, and NVR Devices1007-1001-1004-1003affected
AVTECHIP camera, DVR, and NVR Devices1007-1002-1001-1000affected
AVTECHIP camera, DVR, and NVR Devices1007-1002-1001-1003affected
AVTECHIP camera, DVR, and NVR Devices1007-1002-1003-1002affected
AVTECHIP camera, DVR, and NVR Devices1007-1004-1003-1001affected
AVTECHIP camera, DVR, and NVR Devices1008-1001-1003-1002affected
AVTECHIP camera, DVR, and NVR Devices1008-1004-1004-1001affected
AVTECHIP camera, DVR, and NVR Devices1008D-1003D-1004D-1002Daffected
AVTECHIP camera, DVR, and NVR Devices1008J-1004J-1004J-1001Jaffected
AVTECHIP camera, DVR, and NVR Devices1009-1001-1004-1001affected
AVTECHIP camera, DVR, and NVR Devices1009-1002-1005-1003affected
AVTECHIP camera, DVR, and NVR Devices1009-1003-1001-1003affected
AVTECHIP camera, DVR, and NVR Devices1009-1003-1005-1002affected
AVTECHIP camera, DVR, and NVR Devices1010-1001-1004-1001affected
AVTECHIP camera, DVR, and NVR Devices1010-1001-1004-1002affected
AVTECHIP camera, DVR, and NVR Devices1010-1003-1005-1002affected
AVTECHIP camera, DVR, and NVR Devices1010-1003-1006-1003affected
AVTECHIP camera, DVR, and NVR Devices1010-1003-1006-1004affected
AVTECHIP camera, DVR, and NVR Devices1010-1004-1007-1001affected
AVTECHIP camera, DVR, and NVR Devices1010J-1001J-1004J-1001Jaffected
AVTECHIP camera, DVR, and NVR Devices1010N-1003N-1005N-1002Naffected
AVTECHIP camera, DVR, and NVR Devices1011-1001-1002A-1002affected
AVTECHIP camera, DVR, and NVR Devices1011-1001-1002D-1002affected
AVTECHIP camera, DVR, and NVR Devices1011-1001-1003-1002affected
AVTECHIP camera, DVR, and NVR Devices1011-1001-1004-1002affected
AVTECHIP camera, DVR, and NVR Devices1011-1001-1005-1002affected
AVTECHIP camera, DVR, and NVR Devices1011-1004-1005-1002affected

Weaknesses

  • CWE-290: CWE-290 Authentication Bypass by Spoofing

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

References