VYPR

Dvr

by Tvt

CVEs (10)

  • CVE-2025-34054CriJul 1, 2025
    risk 0.65cvss epss 0.03

    An unauthenticated command injection vulnerability exists in AVTECH DVR devices via Search.cgi?action=cgi_query. The use of wget without input sanitization allows attackers to inject shell commands through the username or queryb64str parameters, executing commands as…

  • CVE-2023-6095HigApr 26, 2024
    risk 0.58cvss 8.9epss 0.01

    Vladimir Kononovich, a Security Researcher has found a flaw that allows for a remote code execution on the DVR. An attacker could inject malicious HTTP headers into request packets to execute arbitrary code. The manufacturer has released patch firmware for the flaw, please…

  • CVE-2023-6096HigApr 26, 2024
    risk 0.48cvss 7.4epss 0.00

    Vladimir Kononovich, a Security Researcher has found a flaw that using a inappropriate encryption logic on the DVR. firmware encryption is broken and allows to decrypt. The manufacturer has released patch firmware for the flaw, please refer to the manufacturer's report for…

  • CVE-2025-34053MedJul 1, 2025
    risk 0.45cvss epss 0.01

    An authentication bypass vulnerability exists in AVTECH IP camera, DVR, and NVR devices’ streamd web server. The strstr() function is used to identify ".cab" requests, allowing any URL containing ".cab" to bypass authentication and access protected endpoints.

  • CVE-2025-34051MedJul 1, 2025
    risk 0.45cvss epss 0.01

    A server-side request forgery vulnerability exists in multiple firmware versions of AVTECH DVR devices that exposes the /cgi-bin/nobody/Search.cgi?action=cgi_query endpoint without authentication. An attacker can manipulate the ip, port, and queryb64str parameters to make…

  • CVE-2025-34050MedJul 1, 2025
    risk 0.33cvss epss 0.00

    A cross-site request forgery (CSRF) vulnerability exists in the web interface of AVTECH IP camera, DVR, and NVR devices. An attacker can craft malicious requests that, when executed in the context of an authenticated user’s browser session, allow unauthorized changes to the…

  • CVE-2013-6023Nov 2, 2013
    risk 0.04cvss epss 0.10

    Directory traversal vulnerability in the TVT TD-2308SS-B DVR with firmware 3.2.0.P-3520A-00 and earlier allows remote attackers to read arbitrary files via .. (dot dot) in the URI.

  • CVE-2025-66174Dec 19, 2025
    risk 0.00cvss epss 0.00

    There is an improper authentication vulnerability in some Hikvision DVR products. Due to the improper implementation of authentication for the serial port, an attacker with physical access could exploit this vulnerability by connecting to the affected products and run a series…

  • CVE-2025-66173Dec 19, 2025
    risk 0.00cvss epss 0.00

    There is a privilege escalation vulnerability in some Hikvision DVR products. Due to the improper implementation of authentication for the serial port, an attacker with physical access could exploit this vulnerability by connecting to the affected products and gaining access to…

  • CVE-2025-63408Nov 18, 2025
    risk 0.00cvss epss 0.00

    Local Agent DVR versions thru 6.6.1.0 are vulnerable to directory traversal that allows an unauthenticated local attacker to gain access to sensitive information, cause a server-side forgery request (SSRF), or execute OS commands.