Description
An authentication bypass vulnerability exists in AVTECH IP camera, DVR, and NVR devices’ streamd web server. The strstr() function is used to identify ".cab" requests, allowing any URL containing ".cab" to bypass authentication and access protected endpoints.
CVSS breakdown
CVSS 4.0
Attack Vector
Network
Attack Complexity
Low
Attack Requirements
None
Privileges Required
None
User Interaction
None
Confidentiality (Vulnerable System)
Low
Integrity (Vulnerable System)
Low
Availability (Vulnerable System)
Low
Confidentiality (Subsequent System)
None
Integrity (Subsequent System)
None
Availability (Subsequent System)
None
Affected products
- AVTECH / IP camera, DVR, and NVR Devices1000-1000-1000-1000 – 1000-1000-1000-1000
- AVTECH / IP camera, DVR, and NVR Devices1000C-1000C-1000C-1000C – 1000C-1000C-1000C-1000C
- AVTECH / IP camera, DVR, and NVR Devices1001-1000-1000-1000 – 1001-1000-1000-1000
- AVTECH / IP camera, DVR, and NVR Devices1001-1001-1000-1000 – 1001-1001-1000-1000
- AVTECH / IP camera, DVR, and NVR Devices1002-1000-1000-1000 – 1002-1000-1000-1000
- AVTECH / IP camera, DVR, and NVR Devices1002-1002-1000-1002 – 1002-1002-1000-1002
- AVTECH / IP camera, DVR, and NVR Devices1002D-1000D-1000D-1000D – 1002D-1000D-1000D-1000D
- AVTECH / IP camera, DVR, and NVR Devices1003-1000-1000-1001 – 1003-1000-1000-1001
- AVTECH / IP camera, DVR, and NVR Devices1003-1001-1001-1000 – 1003-1001-1001-1000
- AVTECH / IP camera, DVR, and NVR Devices1003-1002-1001-1000 – 1003-1002-1001-1000
- AVTECH / IP camera, DVR, and NVR Devices1004-1000-1000-1000 – 1004-1000-1000-1000
- AVTECH / IP camera, DVR, and NVR Devices1004-1001-1001-1001 – 1004-1001-1001-1001
- AVTECH / IP camera, DVR, and NVR Devices1004-1003-1001-1002 – 1004-1003-1001-1002
- AVTECH / IP camera, DVR, and NVR Devices1004-1003-1002-1001 – 1004-1003-1002-1001
- AVTECH / IP camera, DVR, and NVR Devices1004A-1001A-1002A-1000A – 1004A-1001A-1002A-1000A
- AVTECH / IP camera, DVR, and NVR Devices1005-1002-1001-1002 – 1005-1002-1001-1002
- AVTECH / IP camera, DVR, and NVR Devices1005-1003-1001-1002 – 1005-1003-1001-1002
- AVTECH / IP camera, DVR, and NVR Devices1005-1004-1002-1001 – 1005-1004-1002-1001
- AVTECH / IP camera, DVR, and NVR Devices1005A-1001A-1002A-1001A – 1005A-1001A-1002A-1001A
- AVTECH / IP camera, DVR, and NVR Devices1005D-1001D-1002D-1001D – 1005D-1001D-1002D-1001D
- AVTECH / IP camera, DVR, and NVR Devices1006-1002-1001-1002 – 1006-1002-1001-1002
- AVTECH / IP camera, DVR, and NVR Devices1006-1004-1003-1001 – 1006-1004-1003-1001
- AVTECH / IP camera, DVR, and NVR Devices1007-1001-1003-1001 – 1007-1001-1003-1001
- AVTECH / IP camera, DVR, and NVR Devices1007-1001-1004-1003 – 1007-1001-1004-1003
- AVTECH / IP camera, DVR, and NVR Devices1007-1002-1001-1003 – 1007-1002-1001-1003
- AVTECH / IP camera, DVR, and NVR Devices1007-1002-1003-1002 – 1007-1002-1003-1002
- AVTECH / IP camera, DVR, and NVR Devices1007-1004-1003-1001 – 1007-1004-1003-1001
- AVTECH / IP camera, DVR, and NVR Devices1008-1001-1003-1002 – 1008-1001-1003-1002
- AVTECH / IP camera, DVR, and NVR Devices1008-1004-1004-1001 – 1008-1004-1004-1001
- AVTECH / IP camera, DVR, and NVR Devices1008D-1003D-1004D-1002D – 1008D-1003D-1004D-1002D
- AVTECH / IP camera, DVR, and NVR Devices1008J-1004J-1004J-1001J – 1008J-1004J-1004J-1001J
- AVTECH / IP camera, DVR, and NVR Devices1009-1001-1004-1001 – 1009-1001-1004-1001
- AVTECH / IP camera, DVR, and NVR Devices1009-1002-1005-1003 – 1009-1002-1005-1003
- AVTECH / IP camera, DVR, and NVR Devices1009-1003-1005-1002 – 1009-1003-1005-1002
- AVTECH / IP camera, DVR, and NVR Devices1010-1001-1004-1001 – 1010-1001-1004-1001
- AVTECH / IP camera, DVR, and NVR Devices1010-1001-1004-1002 – 1010-1001-1004-1002
- AVTECH / IP camera, DVR, and NVR Devices1010-1003-1005-1002 – 1010-1003-1005-1002
- AVTECH / IP camera, DVR, and NVR Devices1010-1003-1006-1003 – 1010-1003-1006-1003
- AVTECH / IP camera, DVR, and NVR Devices1010-1003-1006-1004 – 1010-1003-1006-1004
- AVTECH / IP camera, DVR, and NVR Devices1010-1004-1007-1001 – 1010-1004-1007-1001
- AVTECH / IP camera, DVR, and NVR Devices1010J-1001J-1004J-1001J – 1010J-1001J-1004J-1001J
- AVTECH / IP camera, DVR, and NVR Devices1010N-1003N-1005N-1002N – 1010N-1003N-1005N-1002N
- AVTECH / IP camera, DVR, and NVR Devices1011-1001-1002A-1002 – 1011-1001-1002A-1002
- AVTECH / IP camera, DVR, and NVR Devices1011-1001-1002D-1002 – 1011-1001-1002D-1002
- AVTECH / IP camera, DVR, and NVR Devices1011-1001-1003-1002 – 1011-1001-1003-1002
- AVTECH / IP camera, DVR, and NVR Devices1011-1001-1004-1002 – 1011-1001-1004-1002
- AVTECH / IP camera, DVR, and NVR Devices1011-1001-1005-1002 – 1011-1001-1005-1002
- AVTECH / IP camera, DVR, and NVR Devices1011-1004-1005-1002 – 1011-1004-1005-1002
- AVTECH / IP camera, DVR, and NVR Devices1012-1001-1005-1002 – 1012-1001-1005-1002
- AVTECH / IP camera, DVR, and NVR Devices1012-1001-1005-1003 – 1012-1001-1005-1003
- AVTECH / IP camera, DVR, and NVR Devices1012-1001-1005PO-1002 – 1012-1001-1005PO-1002
- AVTECH / IP camera, DVR, and NVR Devices1012-1003-1007-1002 – 1012-1003-1007-1002
- AVTECH / IP camera, DVR, and NVR Devices1012-1003-1007-1004 – 1012-1003-1007-1004
- AVTECH / IP camera, DVR, and NVR Devices1013-1001-1005-1003 – 1013-1001-1005-1003
- AVTECH / IP camera, DVR, and NVR Devices1013-1002-1006-1002 – 1013-1002-1006-1002
- AVTECH / IP camera, DVR, and NVR Devices1013-1003-1008-1003 – 1013-1003-1008-1003
- AVTECH / IP camera, DVR, and NVR Devices1013-1004-1008-1004 – 1013-1004-1008-1004
- AVTECH / IP camera, DVR, and NVR Devices1013-1005-1005-1002 – 1013-1005-1005-1002
- AVTECH / IP camera, DVR, and NVR Devices1013-1005-1007-1002 – 1013-1005-1007-1002
- AVTECH / IP camera, DVR, and NVR Devices1013K-1005K-1007PO-1002K – 1013K-1005K-1007PO-1002K
- AVTECH / IP camera, DVR, and NVR Devices1014-1002-1006-1002 – 1014-1002-1006-1002
- AVTECH / IP camera, DVR, and NVR Devices1014-1002-1006-1003 – 1014-1002-1006-1003
- AVTECH / IP camera, DVR, and NVR Devices1014-1003-1008-1003 – 1014-1003-1008-1003
- AVTECH / IP camera, DVR, and NVR Devices1014-1005-1008-1002 – 1014-1005-1008-1002
- AVTECH / IP camera, DVR, and NVR Devices1014B-1002B-1006B-1002B – 1014B-1002B-1006B-1002B
- AVTECH / IP camera, DVR, and NVR Devices1015-1001-1006-1003 – 1015-1001-1006-1003
- AVTECH / IP camera, DVR, and NVR Devices1015-1002-1006-1003 – 1015-1002-1006-1003
- AVTECH / IP camera, DVR, and NVR Devices1015-1002-1007-1002 – 1015-1002-1007-1002
- AVTECH / IP camera, DVR, and NVR Devices1015-1003-1008-1003 – 1015-1003-1008-1003
- AVTECH / IP camera, DVR, and NVR Devices1015-1005-1009-1004 – 1015-1005-1009-1004
- AVTECH / IP camera, DVR, and NVR Devices1015-1006-1004-1002 – 1015-1006-1004-1002
- AVTECH / IP camera, DVR, and NVR Devices1015-1006-1005-1002 – 1015-1006-1005-1002
- AVTECH / IP camera, DVR, and NVR Devices1015-1006-1008-1002 – 1015-1006-1008-1002
- AVTECH / IP camera, DVR, and NVR Devices1015C-1004C-1003C-1005C – 1015C-1004C-1003C-1005C
- AVTECH / IP camera, DVR, and NVR Devices1015K-1006K-1008PO-1002K – 1015K-1006K-1008PO-1002K
- AVTECH / IP camera, DVR, and NVR Devices1016-1002-1007-1002 – 1016-1002-1007-1002
- AVTECH / IP camera, DVR, and NVR Devices1016-1006-1013-1002 – 1016-1006-1013-1002
- AVTECH / IP camera, DVR, and NVR Devices1016-1007-1009-1003 – 1016-1007-1009-1003
- AVTECH / IP camera, DVR, and NVR Devices1016-1007-1011-1003 – 1016-1007-1011-1003
- AVTECH / IP camera, DVR, and NVR Devices1017-1002-1007-1003 – 1017-1002-1007-1003
- AVTECH / IP camera, DVR, and NVR Devices1017-1003-1007-1003 – 1017-1003-1007-1003
- AVTECH / IP camera, DVR, and NVR Devices1017-1003-1009-1003 – 1017-1003-1009-1003
- AVTECH / IP camera, DVR, and NVR Devices1017-1005-1004-1005 – 1017-1005-1004-1005
- AVTECH / IP camera, DVR, and NVR Devices1017-1006-1013-1002 – 1017-1006-1013-1002
- AVTECH / IP camera, DVR, and NVR Devices1017-1013-1014-1005 – 1017-1013-1014-1005
- AVTECH / IP camera, DVR, and NVR Devices1018-1003-1005-1004 – 1018-1003-1005-1004
- AVTECH / IP camera, DVR, and NVR Devices1018-1003-1008-1003 – 1018-1003-1008-1003
- AVTECH / IP camera, DVR, and NVR Devices1018-1003-1008-1004 – 1018-1003-1008-1004
- AVTECH / IP camera, DVR, and NVR Devices1018-1003-1008PO-1003 – 1018-1003-1008PO-1003
- AVTECH / IP camera, DVR, and NVR Devices1018-1004-1005-1005 – 1018-1004-1005-1005
- AVTECH / IP camera, DVR, and NVR Devices1018-1007-1009-1003 – 1018-1007-1009-1003
- AVTECH / IP camera, DVR, and NVR Devices1018-1012-1011-1010 – 1018-1012-1011-1010
- AVTECH / IP camera, DVR, and NVR Devices1019-1004-1006-1005 – 1019-1004-1006-1005
- AVTECH / IP camera, DVR, and NVR Devices1019-1007-1009-1003 – 1019-1007-1009-1003
- AVTECH / IP camera, DVR, and NVR Devices1020-1003-1008-1003 – 1020-1003-1008-1003
- AVTECH / IP camera, DVR, and NVR Devices1020-1003-1008-1004 – 1020-1003-1008-1004
- AVTECH / IP camera, DVR, and NVR Devices1020-1004-1007-1006 – 1020-1004-1007-1006
- AVTECH / IP camera, DVR, and NVR Devices1020-1007-1008-1003 – 1020-1007-1008-1003
- AVTECH / IP camera, DVR, and NVR Devices1020-1007-1009-1003 – 1020-1007-1009-1003
- AVTECH / IP camera, DVR, and NVR Devices1021-1003-1008-1003 – 1021-1003-1008-1003
- AVTECH / IP camera, DVR, and NVR Devices1021-1003-1008-1004 – 1021-1003-1008-1004
- AVTECH / IP camera, DVR, and NVR Devices1021-1005-1006-1005 – 1021-1005-1006-1005
- AVTECH / IP camera, DVR, and NVR Devices1021-1005-1008-1006 – 1021-1005-1008-1006
- AVTECH / IP camera, DVR, and NVR Devices1021-1006-1015-1002 – 1021-1006-1015-1002
- AVTECH / IP camera, DVR, and NVR Devices1021-1007-1010-1003 – 1021-1007-1010-1003
- AVTECH / IP camera, DVR, and NVR Devices1022-1005-1007-1005 – 1022-1005-1007-1005
- AVTECH / IP camera, DVR, and NVR Devices1022-1005-1009-1007 – 1022-1005-1009-1007
- AVTECH / IP camera, DVR, and NVR Devices1022-1006-1015-1002 – 1022-1006-1015-1002
- AVTECH / IP camera, DVR, and NVR Devices1022-1013-1014-1010 – 1022-1013-1014-1010
- AVTECH / IP camera, DVR, and NVR Devices1022-1014-1016-1002-FFFF – 1022-1014-1016-1002-FFFF
- AVTECH / IP camera, DVR, and NVR Devices1022Y-1014Y-1016Y-1002Y-FFFF – 1022Y-1014Y-1016Y-1002Y-FFFF
- AVTECH / IP camera, DVR, and NVR Devices1023-1005-1008-1006 – 1023-1005-1008-1006
- AVTECH / IP camera, DVR, and NVR Devices1023-1007-1016-1003 – 1023-1007-1016-1003
- AVTECH / IP camera, DVR, and NVR Devices1024-1019-1019-1007 – 1024-1019-1019-1007
- AVTECH / IP camera, DVR, and NVR Devices1025-1006-1010-1007 – 1025-1006-1010-1007
- AVTECH / IP camera, DVR, and NVR Devices1025-1017-1017-1011 – 1025-1017-1017-1011
- AVTECH / IP camera, DVR, and NVR Devices1027-1007-1019-1003 – 1027-1007-1019-1003
- AVTECH / IP camera, DVR, and NVR Devices1027-1021-1021-1008 – 1027-1021-1021-1008
- AVTECH / IP camera, DVR, and NVR Devices1028-1021-1022-1008 – 1028-1021-1022-1008
- AVTECH / IP camera, DVR, and NVR Devices1031-1007-1022-1003 – 1031-1007-1022-1003
- AVTECH / IP camera, DVR, and NVR Devices1032-1022-1024-1008 – 1032-1022-1024-1008
- AVTECH / IP camera, DVR, and NVR Devices1033-1018-1021-1012 – 1033-1018-1021-1012
- AVTECH / IP camera, DVR, and NVR Devices1035-1005-1005-1004 – 1035-1005-1005-1004
- AVTECH / IP camera, DVR, and NVR Devices1035-1005-1005-1005 – 1035-1005-1005-1005
- AVTECH / IP camera, DVR, and NVR Devices1035-1005-1005-1005P – 1035-1005-1005-1005P
- AVTECH / IP camera, DVR, and NVR Devices1035-1007-1024-1003 – 1035-1007-1024-1003
- AVTECH / IP camera, DVR, and NVR Devices1035-1024-1025-1008 – 1035-1024-1025-1008
- AVTECH / IP camera, DVR, and NVR Devices1036-1005-1006-1005 – 1036-1005-1006-1005
- AVTECH / IP camera, DVR, and NVR Devices1036-1007-1024-1003 – 1036-1007-1024-1003
- AVTECH / IP camera, DVR, and NVR Devices1036-1014-1016-1016 – 1036-1014-1016-1016
- AVTECH / IP camera, DVR, and NVR Devices1037-1024-1027-1008 – 1037-1024-1027-1008
- AVTECH / IP camera, DVR, and NVR Devices1037-1025-1027-1008 – 1037-1025-1027-1008
- AVTECH / IP camera, DVR, and NVR Devices1038-1021-1024-1012 – 1038-1021-1024-1012
- AVTECH / IP camera, DVR, and NVR Devices1038-1021-1024-1012-A5 – 1038-1021-1024-1012-A5
- AVTECH / IP camera, DVR, and NVR Devices1038-1025-1028-1008 – 1038-1025-1028-1008
- AVTECH / IP camera, DVR, and NVR Devices1039-1005-1008-1004 – 1039-1005-1008-1004
- AVTECH / IP camera, DVR, and NVR Devices1039-1005-1008-1005 – 1039-1005-1008-1005
- AVTECH / IP camera, DVR, and NVR Devices1039-1014-1017-1016 – 1039-1014-1017-1016
- AVTECH / IP camera, DVR, and NVR Devices1039D-1014D-1017D-1016D – 1039D-1014D-1017D-1016D
- AVTECH / IP camera, DVR, and NVR Devices1040-1026-1029-1008 – 1040-1026-1029-1008
- AVTECH / IP camera, DVR, and NVR Devices1041-1005-1009-1005 – 1041-1005-1009-1005
- AVTECH / IP camera, DVR, and NVR Devices1042-1026-1030-1008 – 1042-1026-1030-1008
- AVTECH / IP camera, DVR, and NVR Devices1044-1026-1030-1008 – 1044-1026-1030-1008
- AVTECH / IP camera, DVR, and NVR Devices1044-1026-1031-1008 – 1044-1026-1031-1008
- AVTECH / IP camera, DVR, and NVR Devices1045-1015-1020-1018 – 1045-1015-1020-1018
- AVTECH / IP camera, DVR, and NVR Devices1046-1027-1032-1008 – 1046-1027-1032-1008
- AVTECH / IP camera, DVR, and NVR Devices1047-1027-1031-1008 – 1047-1027-1031-1008
- AVTECH / IP camera, DVR, and NVR Devices1049-1027-1033-1008 – 1049-1027-1033-1008
- AVTECH / IP camera, DVR, and NVR Devices1050-1027-1034-1008 – 1050-1027-1034-1008
- AVTECH / IP camera, DVR, and NVR Devices1050-1027-1036-1008 – 1050-1027-1036-1008
- AVTECH / IP camera, DVR, and NVR Devices1051-1027-1035-1008 – 1051-1027-1035-1008
- AVTECH / IP camera, DVR, and NVR Devices1051CZ-1028-1037-1008 – 1051CZ-1028-1037-1008
- AVTECH / IP camera, DVR, and NVR Devices1052-1027-1034-1008 – 1052-1027-1034-1008
- AVTECH / IP camera, DVR, and NVR Devices1052-1028-1038-1008 – 1052-1028-1038-1008
- AVTECH / IP camera, DVR, and NVR Devices1052A-1028-1038A-1008 – 1052A-1028-1038A-1008
- AVTECH / IP camera, DVR, and NVR Devices1054-1027-1036-1008 – 1054-1027-1036-1008
- AVTECH / IP camera, DVR, and NVR Devices1054-1028-1036-1008 – 1054-1028-1036-1008
- AVTECH / IP camera, DVR, and NVR Devices1055-1028-1036-1008 – 1055-1028-1036-1008
- AVTECH / IP camera, DVR, and NVR Devices1056-1028-1037-1008 – 1056-1028-1037-1008
- AVTECH / IP camera, DVR, and NVR Devices1058-1028-1039-1008 – 1058-1028-1039-1008
- AVTECH / IP camera, DVR, and NVR Devices1062-1028-1041-1008 – 1062-1028-1041-1008
- AVTECH / IP camera, DVR, and NVR Devices1065-1029-1043-1008 – 1065-1029-1043-1008
- AVTECH / IP camera, DVR, and NVR Devices1068-1029-1043-1008 – 1068-1029-1043-1008
- AVTECH / IP camera, DVR, and NVR Devices1069-1029-1043-1008 – 1069-1029-1043-1008
- AVTECH / IP camera, DVR, and NVR Devices1071-1029-1044-1008 – 1071-1029-1044-1008
- AVTECH / IP camera, DVR, and NVR Devices1077-1017-1035-1007 – 1077-1017-1035-1007
- AVTECH / IP camera, DVR, and NVR Devices1077-1017-1035-1007-A6 – 1077-1017-1035-1007-A6
- AVTECH / IP camera, DVR, and NVR Devices1077-1017-1035-1007-D4 – 1077-1017-1035-1007-D4
- AVTECH / IP camera, DVR, and NVR Devices1077-1017-1035-1007-D705FF – 1077-1017-1035-1007-D705FF
- AVTECH / IP camera, DVR, and NVR Devices1078-1017-1036-1007 – 1078-1017-1036-1007
- AVTECH / IP camera, DVR, and NVR Devices1078-1017-1036-1007-A6 – 1078-1017-1036-1007-A6
- AVTECH / IP camera, DVR, and NVR Devices1078-1017-1036-1007-D707FF – 1078-1017-1036-1007-D707FF
- AVTECH / IP camera, DVR, and NVR Devices1079-1017-1037-1007 – 1079-1017-1037-1007
- AVTECH / IP camera, DVR, and NVR Devices1079-1017-1037-1007-D4 – 1079-1017-1037-1007-D4
- AVTECH / IP camera, DVR, and NVR Devices1W77-1W17-1W35-1W07-A6 – 1W77-1W17-1W35-1W07-A6
- AVTECH / IP camera, DVR, and NVR DevicesA077-1017-A035-1007 – A077-1017-A035-1007
- AVTECH / IP camera, DVR, and NVR DevicesA077-1017-A035-1007-A6 – A077-1017-A035-1007-A6
- AVTECH / IP camera, DVR, and NVR DevicesA1035-1024-A1025-1008 – A1035-1024-A1025-1008
- AVTECH / IP camera, DVR, and NVR DevicesA1038-1025-A1028-1008-D4 – A1038-1025-A1028-1008-D4
- AVTECH / IP camera, DVR, and NVR DevicesS681-S681-S681-S681 – S681-S681-S681-S681
- AVTECH / IP camera, DVR, and NVR DevicesS749-S749-S749-S749 – S749-S749-S749-S749
- AVTECH / IP camera, DVR, and NVR DevicesS818-S818-S818-S818 – S818-S818-S818-S818
- AVTECH / IP camera, DVR, and NVR DevicesS820-S820-S820-S820 – S820-S820-S820-S820
- AVTECH / IP camera, DVR, and NVR DevicesS823-S823-S823-S823 – S823-S823-S823-S823
- AVTECH / IP camera, DVR, and NVR DevicesS914V-S914V-S914V-S914V – S914V-S914V-S914V-S914V
- AVTECH / IP camera, DVR, and NVR DevicesS984-S984-S984-S984 – S984-S984-S984-S984
References
- EXPLOIThttps://www.exploit-db.com/exploits/40500
- MISChttps://avtech.com/
- VENDOR_ADVISORYhttps://web.archive.org/web/20240810225729/https://www.search-lab.hu/advisories/126-AVTech-devices-multiple-vulnerabilities
- MISChttps://web.archive.org/web/20161029201749/https://github.com/ebux/AVTECH
- VENDOR_ADVISORYhttps://vulncheck.com/advisories/avtech-ipcamera-nvr-dvr-mulitple-vulns