Back to search
CVE-2025-34053
Published: Jul 1, 2025
Modified: Apr 7, 2026
PUBLISHED
Description
An authentication bypass vulnerability exists in AVTECH IP camera, DVR, and NVR devices’ streamd web server. The strstr() function is used to identify ".cab" requests, allowing any URL containing ".cab" to bypass authentication and access protected endpoints.
| Vendor | Product | Versions |
|---|---|---|
AVTECH | IP camera, DVR, and NVR devices | affected 1000-1000-1000-1000affected 1000C-1000C-1000C-1000Caffected 1001-1000-1000-1000affected 1001-1001-1000-1000affected 1002-1000-1000-1000+181 more versions |
Weaknesses (CWE)
References
https://avtech.com/
product
https://web.archive.org/web/20240810225729/https://www.search-lab.hu/advisories/126-AVTech-devices-multiple-vulnerabilities
third-party-advisory
technical-description
https://vulncheck.com/advisories/avtech-ipcamera-nvr-dvr-mulitple-vulns
third-party-advisory
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now