CVE-2025-34051

Description

A server-side request forgery vulnerability exists in multiple firmware versions of AVTECH DVR devices that exposes the /cgi-bin/nobody/Search.cgi?action=cgi_query endpoint without authentication. An attacker can manipulate the ip, port, and queryb64str parameters to make arbitrary HTTP requests from the DVR to internal or external systems, potentially exposing sensitive data or interacting with internal services.

CVSS breakdown

CVSS 4.0

Attack Vector

Network

Attack Complexity

Low

Attack Requirements

None

Privileges Required

None

User Interaction

None

Confidentiality (Vulnerable System)

None

Integrity (Vulnerable System)

Low

Availability (Vulnerable System)

None

Confidentiality (Subsequent System)

Low

Integrity (Subsequent System)

Low

Availability (Subsequent System)

Low

Affected products

AVTECH / DVR devices1001-1000-1000-1000 – 1001-1000-1000-1000
AVTECH / DVR devices1001-1000-1001-1001 – 1001-1000-1001-1001
AVTECH / DVR devices1002-1000-1002-1001 – 1002-1000-1002-1001
AVTECH / DVR devices1002-1001-1000-1000 – 1002-1001-1000-1000
AVTECH / DVR devices1002-1001-1001-1001 – 1002-1001-1001-1001
AVTECH / DVR devices1004-1002-1001-1000 – 1004-1002-1001-1000
AVTECH / DVR devices1004-1002-1003-1000-FFFF – 1004-1002-1003-1000-FFFF
AVTECH / DVR devices1004V-1002V-1003V-1001V – 1004V-1002V-1003V-1001V
AVTECH / DVR devices1004Y-1002Y-1001EJ-1000Y – 1004Y-1002Y-1001EJ-1000Y
AVTECH / DVR devices1004Y-1002Y-1001Y-1000Y – 1004Y-1002Y-1001Y-1000Y
AVTECH / DVR devices1005-1002-1002-1000 – 1005-1002-1002-1000
AVTECH / DVR devices1005-1002-1004-1001 – 1005-1002-1004-1001
AVTECH / DVR devices1006-1001-1003-1004 – 1006-1001-1003-1004
AVTECH / DVR devices1006-1002-1003-1000 – 1006-1002-1003-1000
AVTECH / DVR devices1006Y-1002Y-1003Y-1000Y – 1006Y-1002Y-1003Y-1000Y
AVTECH / DVR devices1007-1002-1004-1000 – 1007-1002-1004-1000
AVTECH / DVR devices1007-1003-1003-1002 – 1007-1003-1003-1002
AVTECH / DVR devices1007-1003-1005-1001 – 1007-1003-1005-1001
AVTECH / DVR devices1007E-1003E-1005EJ-1001E – 1007E-1003E-1005EJ-1001E
AVTECH / DVR devices1007V-1003V-1005V-1001V – 1007V-1003V-1005V-1001V
AVTECH / DVR devices1007Y-1002Y-1004Y-1000Y – 1007Y-1002Y-1004Y-1000Y
AVTECH / DVR devices1008-1002-1005-1000 – 1008-1002-1005-1000
AVTECH / DVR devices1008-1004-1003-1002 – 1008-1004-1003-1002
AVTECH / DVR devices1009-1003-1005-1006 – 1009-1003-1005-1006
AVTECH / DVR devices1009-1003-1006-1001 – 1009-1003-1006-1001
AVTECH / DVR devices1009-1007-1007-1000-FFFF – 1009-1007-1007-1000-FFFF
AVTECH / DVR devices1009Y-1003Y-1006Y-1001Y – 1009Y-1003Y-1006Y-1001Y
AVTECH / DVR devices1010-1004-1007-1001 – 1010-1004-1007-1001
AVTECH / DVR devices1010-1005-1005-1002 – 1010-1005-1005-1002
AVTECH / DVR devices1011-1004-1005-1006 – 1011-1004-1005-1006
AVTECH / DVR devices1011-1005-1007-1001 – 1011-1005-1007-1001
AVTECH / DVR devices1011-1005-1007EJ-1001 – 1011-1005-1007EJ-1001
AVTECH / DVR devices1011-1005-1008-1002 – 1011-1005-1008-1002
AVTECH / DVR devices1012-1004-1005-1006 – 1012-1004-1005-1006
AVTECH / DVR devices1012-1005-1007-1002 – 1012-1005-1007-1002
AVTECH / DVR devices1012-1006-1007-1001 – 1012-1006-1007-1001
AVTECH / DVR devices1012-1008-1009-1000-FFFF – 1012-1008-1009-1000-FFFF
AVTECH / DVR devices1014-1005-1009-1002 – 1014-1005-1009-1002
AVTECH / DVR devices1014-1007-1009-1001 – 1014-1007-1009-1001
AVTECH / DVR devices1014-1010-1010-1000-FFFF – 1014-1010-1010-1000-FFFF
AVTECH / DVR devices1014Y-1007Y-1009Y-1001Y – 1014Y-1007Y-1009Y-1001Y
AVTECH / DVR devices1015-1006-1010-1003 – 1015-1006-1010-1003
AVTECH / DVR devices1015-1007-1007-1007 – 1015-1007-1007-1007
AVTECH / DVR devices1015-1007-1010-1001 – 1015-1007-1010-1001
AVTECH / DVR devices1015-1010-1011-1000-FFFF – 1015-1010-1011-1000-FFFF
AVTECH / DVR devices1015Y-1007Y-1010Y-1001Y – 1015Y-1007Y-1010Y-1001Y
AVTECH / DVR devices1016-1007-1005-1001 – 1016-1007-1005-1001
AVTECH / DVR devices1016-1007-1011-1001 – 1016-1007-1011-1001
AVTECH / DVR devices1016-1007-1011-1003 – 1016-1007-1011-1003
AVTECH / DVR devices1016-1008-1007-1007 – 1016-1008-1007-1007
AVTECH / DVR devices1016Y-1007Y-1011Y-1001Y – 1016Y-1007Y-1011Y-1001Y
AVTECH / DVR devices1017-1008-1012-1002 – 1017-1008-1012-1002
AVTECH / DVR devices1017-1009-1008-1008 – 1017-1009-1008-1008
AVTECH / DVR devices1017-1011-1013-1001-FFFF – 1017-1011-1013-1001-FFFF
AVTECH / DVR devices1017f-1011f-1013f-1001f-FFFF – 1017f-1011f-1013f-1001f-FFFF
AVTECH / DVR devices1017Y-1008Y-1012Y-1002Y – 1017Y-1008Y-1012Y-1002Y
AVTECH / DVR devices1018-1008-1012-1004 – 1018-1008-1012-1004
AVTECH / DVR devices1019-1009-1013-1003 – 1019-1009-1013-1003
AVTECH / DVR devices1019-1010-1009-1009 – 1019-1010-1009-1009
AVTECH / DVR devices1019c-1012c-1014c-1001c-FFFF – 1019c-1012c-1014c-1001c-FFFF
AVTECH / DVR devices1021-1011-1010-1009 – 1021-1011-1010-1009
AVTECH / DVR devices1022-1012-1011-1009 – 1022-1012-1011-1009
AVTECH / DVR devices1022-1014-1016-1002-FFFF – 1022-1014-1016-1002-FFFF
AVTECH / DVR devices1022Y-1014Y-1016Y-1002Y-FFFF – 1022Y-1014Y-1016Y-1002Y-FFFF
AVTECH / DVR devices1023-1013-1011-1009 – 1023-1013-1011-1009
AVTECH / DVR devices1023-1014-1017-1002-FFFF – 1023-1014-1017-1002-FFFF
AVTECH / DVR devices1025-1014-1013-1009 – 1025-1014-1013-1009
AVTECH / DVR devices1026-1014-1014-1009 – 1026-1014-1014-1009
AVTECH / DVR devices1027-1014-1015-1009 – 1027-1014-1015-1009
AVTECH / DVR devicesS968-S968-S968-S968 – S968-S968-S968-S968
AVTECH / DVR devicesV171P-V171P-V171P-V171P – V171P-V171P-V171P-V171P
AVTECH / DVR devicesV189-V189-V189-V189 – V189-V189-V189-V189

CVE-2025-34051

Description

CVSS breakdown

Affected products

References