{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-34050", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "state": "PUBLISHED", "assignerShortName": "VulnCheck", "dateReserved": "2025-04-15T19:15:22.548Z", "datePublished": "2025-07-01T14:42:57.143Z", "dateUpdated": "2026-04-07T14:09:13.996Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "modules": ["Web Management Interface (configuration endpoints)"], "product": "IP cameras", "vendor": "AVTECH", "versions": [{"status": "affected", "version": "0"}]}, {"defaultStatus": "unaffected", "modules": ["Web Management Interface (configuration endpoints)"], "product": "DVR devices", "vendor": "AVTECH", "versions": [{"status": "affected", "version": "0"}]}, {"defaultStatus": "unaffected", "modules": ["Web Management Interface (configuration endpoints)"], "product": "NVR devices", "vendor": "AVTECH", "versions": [{"status": "affected", "version": "0"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Gergely Eberhardt (SEARCH-LAB.hu)"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "A cross-site request forgery (CSRF) vulnerability exists in the web interface of AVTECH IP camera, DVR, and NVR devices. An attacker can craft malicious requests that, when executed in the context of an authenticated user\u2019s browser session, allow unauthorized changes to the device configuration without user interaction."}], "value": "A\u00a0cross-site request forgery (CSRF) vulnerability exists in the web interface of AVTECH IP camera, DVR, and NVR devices. An attacker can craft malicious requests that, when executed in the context of an authenticated user\u2019s browser session, allow unauthorized changes to the device configuration without user interaction."}], "impacts": [{"capecId": "CAPEC-62", "descriptions": [{"lang": "en", "value": "CAPEC-62 Cross Site Request Forgery"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 5.1, "baseSeverity": "MEDIUM", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "ACTIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-352", "description": "CWE-352 Cross-Site Request Forgery (CSRF)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-04-07T14:09:13.996Z"}, "references": [{"tags": ["exploit"], "url": "https://www.exploit-db.com/exploits/40500"}, {"tags": ["product"], "url": "https://avtech.com/"}, {"tags": ["third-party-advisory", "technical-description"], "url": "https://web.archive.org/web/20240810225729/https://www.search-lab.hu/advisories/126-AVTech-devices-multiple-vulnerabilities"}, {"tags": ["exploit"], "url": "https://web.archive.org/web/20161029201749/https://github.com/ebux/AVTECH"}, {"tags": ["third-party-advisory"], "url": "https://vulncheck.com/advisories/avtech-ipcamera-nvr-dvr-mulitple-vulns"}], "source": {"discovery": "UNKNOWN"}, "title": "AVTECH IP Camera, DVR, and NVR Devices Cross-Site Request Forgery", "x_generator": {"engine": "Vulnogram 0.2.0"}, "datePublic": "2016-10-11T00:00:00.000Z"}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-07-01T18:44:55.395830Z", "id": "CVE-2025-34050", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-01T18:45:06.703Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-34050", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-07-01T18:44:55.395830Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-01T18:29:18.916Z"}}], "cna": {"title": "AVTECH IP Camera, DVR, and NVR Devices Cross-Site Request Forgery", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "Gergely Eberhardt (SEARCH-LAB.hu)"}], "impacts": [{"capecId": "CAPEC-62", "descriptions": [{"lang": "en", "value": "CAPEC-62 Cross Site Request Forgery"}]}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 5.1, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N", "providerUrgency": "NOT_DEFINED", "userInteraction": "ACTIVE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "LOW", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "AVTECH", "modules": ["Web Management Interface (configuration endpoints)"], "product": "IP cameras", "versions": [{"status": "affected", "version": "0"}], "defaultStatus": "unaffected"}, {"vendor": "AVTECH", "modules": ["Web Management Interface (configuration endpoints)"], "product": "DVR devices", "versions": [{"status": "affected", "version": "0"}], "defaultStatus": "unaffected"}, {"vendor": "AVTECH", "modules": ["Web Management Interface (configuration endpoints)"], "product": "NVR devices", "versions": [{"status": "affected", "version": "0"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://www.exploit-db.com/exploits/40500", "tags": ["exploit"]}, {"url": "https://avtech.com/", "tags": ["product"]}, {"url": "https://web.archive.org/web/20240810225729/https://www.search-lab.hu/advisories/126-AVTech-devices-multiple-vulnerabilities", "tags": ["third-party-advisory", "technical-description"]}, {"url": "https://web.archive.org/web/20161029201749/https://github.com/ebux/AVTECH", "tags": ["exploit"]}, {"url": "https://vulncheck.com/advisories/avtech-ipcamera-nvr-dvr-mulitple-vulns", "tags": ["third-party-advisory"]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "A\u00a0cross-site request forgery (CSRF) vulnerability exists in the web interface of AVTECH IP camera, DVR, and NVR devices. An attacker can craft malicious requests that, when executed in the context of an authenticated user\u2019s browser session, allow unauthorized changes to the device configuration without user interaction.", "supportingMedia": [{"type": "text/html", "value": "A cross-site request forgery (CSRF) vulnerability exists in the web interface of AVTECH IP camera, DVR, and NVR devices. An attacker can craft malicious requests that, when executed in the context of an authenticated user\u2019s browser session, allow unauthorized changes to the device configuration without user interaction.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-352", "description": "CWE-352 Cross-Site Request Forgery (CSRF)"}]}], "providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2025-07-01T14:42:57.143Z"}}}, "cveMetadata": {"cveId": "CVE-2025-34050", "state": "PUBLISHED", "dateUpdated": "2025-07-01T18:45:06.703Z", "dateReserved": "2025-04-15T19:15:22.548Z", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "datePublished": "2025-07-01T14:42:57.143Z", "assignerShortName": "VulnCheck"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A\u00a0cross-site request forgery (CSRF) vulnerability exists in the web interface of AVTECH IP camera, DVR, and NVR devices. An attacker can craft malicious requests that, when executed in the context of an authenticated user\u2019s browser session, allow unauthorized changes to the device configuration without user interaction."}, {"lang": "es", "value": "Existe una vulnerabilidad de cross-site request forgery (CSRF) en la interfaz web de AVTECH IP camera, DVR, y NVR. Un atacante puede manipular solicitudes maliciosas que, al ejecutarse en el contexto de la sesi\u00f3n del navegador de un usuario autenticado, permiten cambios no autorizados en la configuraci\u00f3n del dispositivo sin la interacci\u00f3n del usuario."}], "id": "CVE-2025-34050", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.1, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "ACTIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "disclosure@vulncheck.com", "type": "Secondary"}]}, "published": "2025-07-01T15:15:22.933", "references": [{"source": "disclosure@vulncheck.com", "url": "https://avtech.com/"}, {"source": "disclosure@vulncheck.com", "url": "https://vulncheck.com/advisories/avtech-ipcamera-nvr-dvr-mulitple-vulns"}, {"source": "disclosure@vulncheck.com", "url": "https://web.archive.org/web/20161029201749/https://github.com/ebux/AVTECH"}, {"source": "disclosure@vulncheck.com", "url": "https://web.archive.org/web/20240810225729/https://www.search-lab.hu/advisories/126-AVTech-devices-multiple-vulnerabilities"}, {"source": "disclosure@vulncheck.com", "url": "https://www.exploit-db.com/exploits/40500"}], "sourceIdentifier": "disclosure@vulncheck.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-352"}], "source": "disclosure@vulncheck.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-28T01:17:37.483249+00:00", "value": {"mitigation_remediation": ["Check AVTECH for firmware updates that fix the CSRF issue and apply them immediately", "Disable remote web interface access or restrict it to trusted IP addresses to limit the attack surface", "If the device supports CSRF guard mechanisms, enable them or require authentication tokens on state\u2011changing requests"], "summary": {"action": "Apply Patch", "impact": "Unauthorized configuration changes via CSRF"}, "threat_synthesis": {"affected_systems": "The vulnerability impacts AVTECH DVR devices, AVTECH IP cameras, and AVTECH NVR devices. No specific firmware versions are listed in the advisory, so any device running the affected web interface is potentially susceptible.", "description_and_impact": "A cross\u2011site request forgery vulnerability exists in the web interface of AVTECH IP camera, DVR, and NVR devices. Attacks exploit the website\u2019s lack of anti\u2011CSRF protection. An attacker, by executing a malicious request in the context of a logged\u2011in user\u2019s browser session, can change device parameters or settings without the user\u2019s interaction. The weakness is a classic verb\u2011preserving, state\u2011changing request without a valid token, classified as CWE\u2011352. The compromised configuration can affect network connectivity, image capture, or other core functions, providing an attacker with significant operational impact.", "risk_and_exploitability": "The CVSS score is 5.1, indicating a moderate severity. The EPSS score is below 1\u202f%, suggesting a very low exploitation probability under current threat intelligence. The vulnerability is not listed in the CISA KEV catalog. The likely attack vector is a web\u2011based CSRF using an authenticated user\u2019s browser session, which requires remote access to the device\u2019s web UI and an active session from a compromised or malicious site."}}}}, "created": "2026-04-28T01:30:17.913363+00:00", "updated": "2026-04-28T01:30:17.913381+00:00", "vendors": []}