Medium severityNVD Advisory· Published Jul 1, 2025· Updated Apr 15, 2026
CVE-2025-34053
CVE-2025-34053
Description
An authentication bypass vulnerability exists in AVTECH IP camera, DVR, and NVR devices’ streamd web server. The strstr() function is used to identify ".cab" requests, allowing any URL containing ".cab" to bypass authentication and access protected endpoints.
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
5- avtech.comnvd
- vulncheck.com/advisories/avtech-ipcamera-nvr-dvr-mulitple-vulnsnvd
- web.archive.org/web/20161029201749/https://github.com/ebux/AVTECHnvd
- web.archive.org/web/20240810225729/https://www.search-lab.hu/advisories/126-AVTech-devices-multiple-vulnerabilitiesnvd
- www.exploit-db.com/exploits/40500nvd
News mentions
0No linked articles in our index yet.