VYPR

IP Camera NVR DVR

by AVTECH SECURITY Corporation

CVEs (2)

  • CVE-2025-34054CriJul 1, 2025
    risk 0.65cvss epss 0.03

    An unauthenticated command injection vulnerability exists in AVTECH DVR devices via Search.cgi?action=cgi_query. The use of wget without input sanitization allows attackers to inject shell commands through the username or queryb64str parameters, executing commands as…

  • CVE-2025-34051MedJul 1, 2025
    risk 0.45cvss epss 0.01

    A server-side request forgery vulnerability exists in multiple firmware versions of AVTECH DVR devices that exposes the /cgi-bin/nobody/Search.cgi?action=cgi_query endpoint without authentication. An attacker can manipulate the ip, port, and queryb64str parameters to make…