CVE-2025-34065

Sažetak

An authentication bypass vulnerability exists in AVTECH IP camera, DVR, and NVR devices’ streamd web server. The strstr() function allows unauthenticated access to any request containing "/nobody" in the URL, bypassing login controls.

Reference

https://avtech.com/
https://vulncheck.com/advisories/avtech-ipcamera-nvr-dvr-mulitple-vulns
https://web.archive.org/web/20161029201749/https://github.com/ebux/AVTECH
https://web.archive.org/web/20240810225729/https://www.search-lab.hu/advisories/126-AVTech-devices-multiple-vulnerabilities
https://www.exploit-db.com/exploits/40500

CVSS

Base:	0.0
Impact:	None
Exploitability:	None

Pristup

Vektor	Složenost	Autentikacija
None	None	None

Impact

Povjerljivost	Cjelovitost	Dostupnost
None	None	None

CVSS vektor

None

Zadnje važnije ažuriranje

03-07-2025 - 15:14

Objavljeno

01-07-2025 - 15:15