{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-34066", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "state": "PUBLISHED", "assignerShortName": "VulnCheck", "dateReserved": "2025-04-15T19:15:22.549Z", "datePublished": "2025-07-01T14:47:44.573Z", "dateUpdated": "2026-04-07T14:09:19.390Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "modules": ["Cloud sync shell scripts", "--no-check-certificate (hardcoded)"], "product": "IP cameras", "vendor": "AVTECH", "versions": [{"status": "affected", "version": "0"}]}, {"defaultStatus": "unaffected", "modules": ["Cloud sync shell scripts", "--no-check-certificate (hardcoded)"], "product": "DVR devices", "vendor": "AVTECH", "versions": [{"status": "affected", "version": "0"}]}, {"defaultStatus": "unaffected", "modules": ["Cloud sync shell scripts", "--no-check-certificate (hardcoded)"], "product": "NVR devices", "vendor": "AVTECH", "versions": [{"status": "affected", "version": "0"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Gergely Eberhardt (SEARCH-LAB.hu)"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "An improper certificate validation vulnerability exists in AVTECH IP cameras, DVRs, and NVRs due to the use of wget with --no-check-certificate in scripts like SyncCloudAccount.sh and SyncPermit.sh. This exposes HTTPS communications to man-in-the-middle (MITM) attacks."}], "value": "An improper certificate validation vulnerability exists in AVTECH IP cameras, DVRs, and NVRs due to the use of wget with --no-check-certificate in scripts like SyncCloudAccount.sh and SyncPermit.sh. This exposes HTTPS communications to man-in-the-middle (MITM) attacks."}], "impacts": [{"capecId": "CAPEC-94", "descriptions": [{"lang": "en", "value": "CAPEC-94 Adversary in the Middle (AiTM)"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "attackVector": "NETWORK", "baseScore": 8.3, "baseSeverity": "HIGH", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-295", "description": "CWE-295 Improper Certificate Validation", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-04-07T14:09:19.390Z"}, "references": [{"tags": ["exploit"], "url": "https://www.exploit-db.com/exploits/40500"}, {"tags": ["product"], "url": "https://avtech.com/"}, {"tags": ["third-party-advisory", "technical-description"], "url": "https://web.archive.org/web/20240810225729/https://www.search-lab.hu/advisories/126-AVTech-devices-multiple-vulnerabilities"}, {"tags": ["exploit"], "url": "https://web.archive.org/web/20161029201749/https://github.com/ebux/AVTECH"}, {"tags": ["third-party-advisory"], "url": "https://vulncheck.com/advisories/avtech-ipcamera-nvr-dvr-mulitple-vulns"}], "source": {"discovery": "UNKNOWN"}, "title": "AVTECH IP camera, DVR, and NVR Devices Unauthenticated Information Disclosure", "x_generator": {"engine": "Vulnogram 0.2.0"}, "datePublic": "2016-10-11T00:00:00.000Z"}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-07-01T18:37:09.538771Z", "id": "CVE-2025-34066", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-01T18:37:36.761Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-34066", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-07-01T18:37:09.538771Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-01T18:37:24.839Z"}}], "cna": {"title": "AVTECH IP camera, DVR, and NVR Devices Unauthenticated Information Disclosure", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "Gergely Eberhardt (SEARCH-LAB.hu)"}], "impacts": [{"capecId": "CAPEC-94", "descriptions": [{"lang": "en", "value": "CAPEC-94 Adversary in the Middle (AiTM)"}]}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.3, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "LOW", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "AVTECH", "modules": ["Cloud sync shell scripts", "--no-check-certificate (hardcoded)"], "product": "IP cameras", "versions": [{"status": "affected", "version": "0"}], "defaultStatus": "unaffected"}, {"vendor": "AVTECH", "modules": ["Cloud sync shell scripts", "--no-check-certificate (hardcoded)"], "product": "DVR devices", "versions": [{"status": "affected", "version": "0"}], "defaultStatus": "unaffected"}, {"vendor": "AVTECH", "modules": ["Cloud sync shell scripts", "--no-check-certificate (hardcoded)"], "product": "NVR devices", "versions": [{"status": "affected", "version": "0"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://www.exploit-db.com/exploits/40500", "tags": ["exploit"]}, {"url": "https://avtech.com/", "tags": ["product"]}, {"url": "https://web.archive.org/web/20240810225729/https://www.search-lab.hu/advisories/126-AVTech-devices-multiple-vulnerabilities", "tags": ["third-party-advisory", "technical-description"]}, {"url": "https://web.archive.org/web/20161029201749/https://github.com/ebux/AVTECH", "tags": ["exploit"]}, {"url": "https://vulncheck.com/advisories/avtech-ipcamera-nvr-dvr-mulitple-vulns", "tags": ["third-party-advisory"]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "An improper certificate validation vulnerability exists in AVTECH IP cameras, DVRs, and NVRs due to the use of wget with --no-check-certificate in scripts like SyncCloudAccount.sh and SyncPermit.sh. This exposes HTTPS communications to man-in-the-middle (MITM) attacks.", "supportingMedia": [{"type": "text/html", "value": "An improper certificate validation vulnerability exists in AVTECH IP cameras, DVRs, and NVRs due to the use of wget with --no-check-certificate in scripts like SyncCloudAccount.sh and SyncPermit.sh. This exposes HTTPS communications to man-in-the-middle (MITM) attacks.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-295", "description": "CWE-295 Improper Certificate Validation"}]}], "providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2025-07-01T14:47:44.573Z"}}}, "cveMetadata": {"cveId": "CVE-2025-34066", "state": "PUBLISHED", "dateUpdated": "2025-07-01T18:37:36.761Z", "dateReserved": "2025-04-15T19:15:22.549Z", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "datePublished": "2025-07-01T14:47:44.573Z", "assignerShortName": "VulnCheck"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "An improper certificate validation vulnerability exists in AVTECH IP cameras, DVRs, and NVRs due to the use of wget with --no-check-certificate in scripts like SyncCloudAccount.sh and SyncPermit.sh. This exposes HTTPS communications to man-in-the-middle (MITM) attacks."}, {"lang": "es", "value": "Existe una vulnerabilidad de validaci\u00f3n incorrecta de certificados en AVTECH IP cameras, DVRs, y NVRs debido al uso de wget con --no-check-certificate en scripts como SyncCloudAccount.sh y SyncPermit.sh. Esto expone las comunicaciones HTTPS a ataques de intermediario (MITM)."}], "id": "CVE-2025-34066", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 8.3, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "disclosure@vulncheck.com", "type": "Secondary"}]}, "published": "2025-07-01T15:15:25.327", "references": [{"source": "disclosure@vulncheck.com", "url": "https://avtech.com/"}, {"source": "disclosure@vulncheck.com", "url": "https://vulncheck.com/advisories/avtech-ipcamera-nvr-dvr-mulitple-vulns"}, {"source": "disclosure@vulncheck.com", "url": "https://web.archive.org/web/20161029201749/https://github.com/ebux/AVTECH"}, {"source": "disclosure@vulncheck.com", "url": "https://web.archive.org/web/20240810225729/https://www.search-lab.hu/advisories/126-AVTech-devices-multiple-vulnerabilities"}, {"source": "disclosure@vulncheck.com", "url": "https://www.exploit-db.com/exploits/40500"}], "sourceIdentifier": "disclosure@vulncheck.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-295"}], "source": "disclosure@vulncheck.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-28T01:15:17.158433+00:00", "value": {"mitigation_remediation": ["Ensure firmware is updated to a version that removes the '--no-check-certificate' option or otherwise implements proper certificate validation.", "If an update is unavailable, isolate the device from untrusted networks or configure firewall rules to block external HTTPS connections.", "Patch or replace SyncCloudAccount.sh and SyncPermit.sh to enforce certificate verification or eliminate the ability to run wget with insecure flags."], "summary": {"action": "Patch", "impact": "Information Disclosure via Man-in-the-Middle"}, "threat_synthesis": {"affected_systems": "The vulnerability impacts AVTECH DVR devices, IP cameras, and NVR devices that run the affected scripts. Specific affected firmware versions are not listed in the advisory, so all models that contain these scripts and have not been patched carry the risk.", "description_and_impact": "AVTECH IP cameras, DVRs, and NVRs have an improper certificate validation flaw caused by the use of the wget utility with the --no-check-certificate flag in scripts such as SyncCloudAccount.sh and SyncPermit.sh. This defect allows an attacker to perform a Man-in-the-Middle attack on all HTTPS traffic exchanged by the device, exposing sensitive configuration data, video streams, or other communications to eavesdropping and modification. The weakness is a classic example of CWE\u2011295, where certificates are not validated, potentially compromising confidentiality and integrity of communications.", "risk_and_exploitability": "The CVSS score of 8.3 indicates high severity. The EPSS score of < 1% suggests current exploitation probability is low, and the issue is not listed in the CISA KEV catalog, meaning no confirmed widespread attacks are reported. Based on the description, the most probable attack vector is an unauthenticated network adversary who can intercept or modify traffic to the device, leveraging the insecure certificate trust to inject traffic or spy on data."}}}}, "created": "2026-04-28T01:30:17.912519+00:00", "updated": "2026-04-28T01:30:17.912556+00:00", "vendors": []}