VYPR

IP camera, DVR, and NVR devices

by AVTECH SECURITY Corporation

CVEs (4)

  • CVE-2025-34056CriJul 1, 2025
    risk 0.61cvss epss 0.02

    An OS command injection vulnerability exists in AVTECH IP camera, DVR, and NVR devices via the PwdGrp.cgi endpoint, which handles user and group management operations. Authenticated users can supply input through the pwd or grp parameters, which are directly embedded into system…

  • CVE-2025-34065MedJul 1, 2025
    risk 0.45cvss epss 0.01

    An authentication bypass vulnerability exists in AVTECH IP camera, DVR, and NVR devices’ streamd web server. The strstr() function allows unauthenticated access to any request containing "/nobody" in the URL, bypassing login controls.

  • CVE-2025-34053MedJul 1, 2025
    risk 0.45cvss epss 0.01

    An authentication bypass vulnerability exists in AVTECH IP camera, DVR, and NVR devices’ streamd web server. The strstr() function is used to identify ".cab" requests, allowing any URL containing ".cab" to bypass authentication and access protected endpoints.

  • CVE-2025-34050MedJul 1, 2025
    risk 0.33cvss epss 0.00

    A cross-site request forgery (CSRF) vulnerability exists in the web interface of AVTECH IP camera, DVR, and NVR devices. An attacker can craft malicious requests that, when executed in the context of an authenticated user’s browser session, allow unauthorized changes to the…