Back to search
CVE-2025-34065
Published: Jul 1, 2025
Modified: Apr 7, 2026
PUBLISHED
Description
An authentication bypass vulnerability exists in AVTECH IP camera, DVR, and NVR devices’ streamd web server. The strstr() function allows unauthenticated access to any request containing "/nobody" in the URL, bypassing login controls.
| Vendor | Product | Versions |
|---|---|---|
AVTECH | IP camera, DVR, and NVR Devices | affected 1000-1000-1000-1000affected 1000C-1000C-1000C-1000Caffected 1001-1000-1000-1000affected 1001-1001-1000-1000affected 1002-1000-1000-1000+47 more versions |
Weaknesses (CWE)
References
https://avtech.com/
product
https://web.archive.org/web/20240810225729/https://www.search-lab.hu/advisories/126-AVTech-devices-multiple-vulnerabilities
third-party-advisory
technical-description
https://vulncheck.com/advisories/avtech-ipcamera-nvr-dvr-mulitple-vulns
third-party-advisory
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now