CVE-2025-34050 | THREATINT

Description

A cross-site request forgery (CSRF) vulnerability exists in the web interface of AVTECH IP camera, DVR, and NVR devices. An attacker can craft malicious requests that, when executed in the context of an authenticated user’s browser session, allow unauthorized changes to the device configuration without user interaction.

PUBLISHED Reserved 2025-04-15 | Published 2025-07-01 | Updated 2025-07-01 | Assigner VulnCheck

MEDIUM: 5.1CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Problem types

CWE-352 Cross-Site Request Forgery (CSRF)

Product status

Default status

unaffected

Any version

affected

Default status

unaffected

Any version

affected

Default status

unaffected

Any version

affected

Credits

Gergely Eberhardt (SEARCH-LAB.hu) finder

References

www.exploit-db.com/exploits/40500 exploit

avtech.com/ product

web.archive.org/...6-AVTech-devices-multiple-vulnerabilities third-party-advisory technical-description

web.archive.org/...1029201749/https://github.com/ebux/AVTECH exploit

vulncheck.com/...ries/avtech-ipcamera-nvr-dvr-mulitple-vulns third-party-advisory

cve.org (CVE-2025-34050)

nvd.nist.gov (CVE-2025-34050)

Download JSON

help @ threatint.eu