Medium severityNVD Advisory· Published Jul 1, 2025· Updated Apr 15, 2026
CVE-2025-34051
CVE-2025-34051
Description
A server-side request forgery vulnerability exists in multiple firmware versions of AVTECH DVR devices that exposes the /cgi-bin/nobody/Search.cgi?action=cgi_query endpoint without authentication. An attacker can manipulate the ip, port, and queryb64str parameters to make arbitrary HTTP requests from the DVR to internal or external systems, potentially exposing sensitive data or interacting with internal services.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
1Patches
Vulnerability mechanics
References
5- avtech.comnvd
- vulncheck.com/advisories/avtech-ipcamera-nvr-dvr-mulitple-vulnsnvd
- web.archive.org/web/20161029201749/https://github.com/ebux/AVTECHnvd
- web.archive.org/web/20240810225729/https://www.search-lab.hu/advisories/126-AVTech-devices-multiple-vulnerabilitiesnvd
- www.exploit-db.com/exploits/40500nvd
News mentions
0No linked articles in our index yet.