QwikSec

Security Database

CVE

CWE

Training

CVE-2025-34066

Published: Jul 1, 2025

Modified: Apr 7, 2026

PUBLISHED

Description

An improper certificate validation vulnerability exists in AVTECH IP cameras, DVRs, and NVRs due to the use of wget with --no-check-certificate in scripts like SyncCloudAccount.sh and SyncPermit.sh. This exposes HTTPS communications to man-in-the-middle (MITM) attacks.

Vendor	Product	Versions
AVTECH	IP cameras	affected `0`
AVTECH	DVR devices	affected `0`
AVTECH	NVR devices	affected `0`

Weaknesses (CWE)

References

https://www.exploit-db.com/exploits/40500

exploit

https://avtech.com/

product

https://web.archive.org/web/20240810225729/https://www.search-lab.hu/advisories/126-AVTech-devices-multiple-vulnerabilities

third-party-advisory

technical-description

https://web.archive.org/web/20161029201749/https://github.com/ebux/AVTECH

exploit

https://vulncheck.com/advisories/avtech-ipcamera-nvr-dvr-mulitple-vulns

third-party-advisory

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.