Authentication Bypass Vulnerability in AVTECH IP Cameras and DVRs
CVE-2025-34053

6.9MEDIUM

Key Information:

Vendor

Avtech

Status
Ip Camera, Dvr, And Nvr Devices
Vendor
CVE Published:
1 July 2025

Badges

👾 Exploit Exists

What is CVE-2025-34053?

An authentication bypass vulnerability is present in the streamd web server of AVTECH IP camera, DVR, and NVR devices. The flaw arises from the use of the strstr() function to process requests containing ‘.cab’. This allows attackers to exploit the vulnerability by crafting URLs that include ‘.cab’, which can lead to unauthorized access to protected endpoints without proper authentication.

Affected Version(s)

IP camera, DVR, and NVR devices 1000-1000-1000-1000

IP camera, DVR, and NVR devices 1000C-1000C-1000C-1000C

IP camera, DVR, and NVR devices 1001-1000-1000-1000

References

https://www.exploit-db.com/exploits/40500
exploit
https://avtech.com/
product
https://web.archive.org/web/20240810225729/https://www.se...
third-party-advisorytechnical-description

CVSS V4

Score:
6.9
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • 🟡

    Public PoC available

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

Gergely Eberhardt (SEARCH-LAB.hu)
.
CVE-2025-34053 : Authentication Bypass Vulnerability in AVTECH IP Cameras and DVRs