Medium severityNVD Advisory· Published Jul 1, 2025· Updated Apr 15, 2026

CVE-2025-34051

Description

A server-side request forgery vulnerability exists in multiple firmware versions of AVTECH DVR devices that exposes the /cgi-bin/nobody/Search.cgi?action=cgi_query endpoint without authentication. An attacker can manipulate the ip, port, and queryb64str parameters to make arbitrary HTTP requests from the DVR to internal or external systems, potentially exposing sensitive data or interacting with internal services.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

avtech.comnvd
vulncheck.com/advisories/avtech-ipcamera-nvr-dvr-mulitple-vulnsnvd
web.archive.org/web/20161029201749/https://github.com/ebux/AVTECHnvd
web.archive.org/web/20240810225729/https://www.search-lab.hu/advisories/126-AVTech-devices-multiple-vulnerabilitiesnvd
www.exploit-db.com/exploits/40500nvd

News mentions

No linked articles in our index yet.

cvss	0.260
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000