{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-34054", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "state": "PUBLISHED", "assignerShortName": "VulnCheck", "dateReserved": "2025-04-15T19:15:22.548Z", "datePublished": "2025-07-01T14:46:00.832Z", "dateUpdated": "2026-04-07T14:09:16.220Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "modules": ["Search.cgi", "username parameter", "queryb64str"], "product": "IP camera, DVR, and NVR Devices", "vendor": "AVTECH", "versions": [{"status": "affected", "version": "1008-1002-1005-1000"}, {"status": "affected", "version": "1009-1003-1006-1001"}, {"status": "affected", "version": "1009Y-1003Y-1006Y-1001Y"}, {"status": "affected", "version": "1010-1004-1007-1001"}, {"status": "affected", "version": "1011-1005-1008-1002"}, {"status": "affected", "version": "1014-1005-1009-1002"}, {"status": "affected", "version": "1015-1006-1010-1003"}, {"status": "affected", "version": "1016-1007-1011-1003"}, {"status": "affected", "version": "1017-1008-1012-1002"}, {"status": "affected", "version": "1017Y-1008Y-1012Y-1002Y"}, {"status": "affected", "version": "1018-1008-1012-1004"}, {"status": "affected", "version": "1019-1009-1013-1003"}, {"status": "affected", "version": "1019c-1012c-1014c-1001c-FFFF"}, {"status": "affected", "version": "1022-1014-1016-1002-FFFF"}, {"status": "affected", "version": "1022Y-1014Y-1016Y-1002Y-FFFF"}, {"status": "affected", "version": "1023-1014-1017-1002-FFFF"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Gergely Eberhardt (SEARCH-LAB.hu)"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "An unauthenticated command injection vulnerability exists in AVTECH DVR devices via Search.cgi?action=cgi_query. The use of wget without input sanitization allows attackers to inject shell commands through the username or queryb64str parameters, executing commands as root. Exploitation evidence was observed by the Shadowserver Foundation on 2025-01-04 UTC."}], "value": "An unauthenticated command injection vulnerability exists in AVTECH DVR devices via Search.cgi?action=cgi_query. The use of wget without input sanitization allows attackers to inject shell commands through the username or queryb64str parameters, executing commands as root.\u00a0Exploitation evidence was observed by the Shadowserver Foundation on 2025-01-04 UTC."}], "impacts": [{"capecId": "CAPEC-88", "descriptions": [{"lang": "en", "value": "CAPEC-88 OS Command Injection"}]}, {"capecId": "CAPEC-137", "descriptions": [{"lang": "en", "value": "CAPEC-137 Parameter Injection"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 10, "baseSeverity": "CRITICAL", "exploitMaturity": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "HIGH", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-78", "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-04-07T14:09:16.220Z"}, "references": [{"tags": ["exploit"], "url": "https://www.exploit-db.com/exploits/40500"}, {"tags": ["product"], "url": "https://avtech.com/"}, {"tags": ["third-party-advisory", "technical-description"], "url": "https://web.archive.org/web/20240810225729/https://www.search-lab.hu/advisories/126-AVTech-devices-multiple-vulnerabilities"}, {"tags": ["exploit"], "url": "https://web.archive.org/web/20161029201749/https://github.com/ebux/AVTECH"}, {"tags": ["third-party-advisory"], "url": "https://vulncheck.com/advisories/avtech-ipcamera-nvr-dvr-mulitple-vulns"}], "source": {"discovery": "UNKNOWN"}, "tags": ["x_known-exploited-vulnerability"], "title": "AVTECH IP camera, DVR, and NVR Devices Unauthenticated Command Injection", "x_generator": {"engine": "Vulnogram 0.2.0"}, "datePublic": "2016-10-11T00:00:00.000Z"}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-07-01T18:46:33.820743Z", "id": "CVE-2025-34054", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-01T18:46:40.272Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-34054", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-07-01T18:46:33.820743Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-01T18:32:08.268Z"}}], "cna": {"tags": ["x_known-exploited-vulnerability"], "title": "AVTECH IP camera, DVR, and NVR Devices Unauthenticated Command Injection", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "Gergely Eberhardt (SEARCH-LAB.hu)"}], "impacts": [{"capecId": "CAPEC-88", "descriptions": [{"lang": "en", "value": "CAPEC-88 OS Command Injection"}]}, {"capecId": "CAPEC-137", "descriptions": [{"lang": "en", "value": "CAPEC-137 Parameter Injection"}]}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 10, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "AVTECH", "modules": ["Search.cgi", "username parameter", "queryb64str"], "product": "IP camera, DVR, and NVR Devices", "versions": [{"status": "affected", "version": "1008-1002-1005-1000"}, {"status": "affected", "version": "1009-1003-1006-1001"}, {"status": "affected", "version": "1009Y-1003Y-1006Y-1001Y"}, {"status": "affected", "version": "1010-1004-1007-1001"}, {"status": "affected", "version": "1011-1005-1008-1002"}, {"status": "affected", "version": "1014-1005-1009-1002"}, {"status": "affected", "version": "1015-1006-1010-1003"}, {"status": "affected", "version": "1016-1007-1011-1003"}, {"status": "affected", "version": "1017-1008-1012-1002"}, {"status": "affected", "version": "1017Y-1008Y-1012Y-1002Y"}, {"status": "affected", "version": "1018-1008-1012-1004"}, {"status": "affected", "version": "1019-1009-1013-1003"}, {"status": "affected", "version": "1019c-1012c-1014c-1001c-FFFF"}, {"status": "affected", "version": "1022-1014-1016-1002-FFFF"}, {"status": "affected", "version": "1022Y-1014Y-1016Y-1002Y-FFFF"}, {"status": "affected", "version": "1023-1014-1017-1002-FFFF"}], "defaultStatus": "unaffected"}], "datePublic": "2016-10-11T00:00:00.000Z", "references": [{"url": "https://www.exploit-db.com/exploits/40500", "tags": ["exploit"]}, {"url": "https://avtech.com/", "tags": ["product"]}, {"url": "https://web.archive.org/web/20240810225729/https://www.search-lab.hu/advisories/126-AVTech-devices-multiple-vulnerabilities", "tags": ["third-party-advisory", "technical-description"]}, {"url": "https://web.archive.org/web/20161029201749/https://github.com/ebux/AVTECH", "tags": ["exploit"]}, {"url": "https://vulncheck.com/advisories/avtech-ipcamera-nvr-dvr-mulitple-vulns", "tags": ["third-party-advisory"]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "An unauthenticated command injection vulnerability exists in AVTECH DVR devices via Search.cgi?action=cgi_query. The use of wget without input sanitization allows attackers to inject shell commands through the username or queryb64str parameters, executing commands as root.\u00a0Exploitation evidence was observed by the Shadowserver Foundation on 2025-01-04 UTC.", "supportingMedia": [{"type": "text/html", "value": "An unauthenticated command injection vulnerability exists in AVTECH DVR devices via Search.cgi?action=cgi_query. The use of wget without input sanitization allows attackers to inject shell commands through the username or queryb64str parameters, executing commands as root. Exploitation evidence was observed by the Shadowserver Foundation on 2025-01-04 UTC.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-78", "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')"}]}], "providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-04-07T14:09:16.220Z"}}}, "cveMetadata": {"cveId": "CVE-2025-34054", "state": "PUBLISHED", "dateUpdated": "2026-04-07T14:09:16.220Z", "dateReserved": "2025-04-15T19:15:22.548Z", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "datePublished": "2025-07-01T14:46:00.832Z", "assignerShortName": "VulnCheck"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "An unauthenticated command injection vulnerability exists in AVTECH DVR devices via Search.cgi?action=cgi_query. The use of wget without input sanitization allows attackers to inject shell commands through the username or queryb64str parameters, executing commands as root.\u00a0Exploitation evidence was observed by the Shadowserver Foundation on 2025-01-04 UTC."}, {"lang": "es", "value": "Existe una vulnerabilidad de inyecci\u00f3n de comandos no autenticados en dispositivos AVTECH DVR mediante Search.cgi?action=cgi_query. El uso de wget sin depuraci\u00f3n de entrada permite a los atacantes inyectar comandos de shell mediante los par\u00e1metros `username` o `queryb64str`, ejecut\u00e1ndolos como root."}], "id": "CVE-2025-34054", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 10.0, "baseSeverity": "CRITICAL", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "HIGH", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "disclosure@vulncheck.com", "type": "Secondary"}]}, "published": "2025-07-01T15:15:23.910", "references": [{"source": "disclosure@vulncheck.com", "url": "https://avtech.com/"}, {"source": "disclosure@vulncheck.com", "url": "https://vulncheck.com/advisories/avtech-ipcamera-nvr-dvr-mulitple-vulns"}, {"source": "disclosure@vulncheck.com", "url": "https://web.archive.org/web/20161029201749/https://github.com/ebux/AVTECH"}, {"source": "disclosure@vulncheck.com", "url": "https://web.archive.org/web/20240810225729/https://www.search-lab.hu/advisories/126-AVTech-devices-multiple-vulnerabilities"}, {"source": "disclosure@vulncheck.com", "url": "https://www.exploit-db.com/exploits/40500"}], "sourceIdentifier": "disclosure@vulncheck.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-78"}], "source": "disclosure@vulncheck.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-28T11:10:09.658462+00:00", "value": {"mitigation_remediation": ["Apply the latest firmware update supplied by AVTECH that fixes the Search.cgi injection flaw.", "If no patch is available, disable the vulnerable Search.cgi endpoint or block access to action=cgi_query through firewall rules to prevent remote command injection.", "Secure the device network segment, applying strict access controls and monitoring for anomalous traffic that may indicate exploitation attempts."], "summary": {"action": "Immediate Patch", "impact": "Remote Command Execution as root"}, "threat_synthesis": {"affected_systems": "The affected products are AVTECH IP cameras, DVRs, and NVRs. No particular firmware or model versions are listed, but all devices exposing the Search.cgi interface are potentially vulnerable.", "description_and_impact": "An unauthenticated command injection flaw exists in AVTECH devices accessed via Search.cgi?action=cgi_query. The lack of input sanitization on the username and queryb64str parameters allows attackers to inject shell commands, which are executed with root privileges. This vulnerability is a classic Command Injection (CWE-78) that can lead to full device compromise and unauthorized system control.", "risk_and_exploitability": "The CVSS score of 10 indicates critical severity, while the EPSS score of 2% indicates a low to moderate current exploitation probability. The flaw is not listed in the CISA KEV catalog. The attack vector is remote, unauthenticated access to the device over the network, and exploitation has been observed by Shadowserver. Attackers can execute arbitrary commands as root, potentially installing backdoors or exfiltrating data."}}}}, "created": "2026-04-28T11:15:26.096255+00:00", "updated": "2026-04-28T11:15:26.096266+00:00", "vendors": []}