Home

Description

An OS command injection vulnerability exists in AVTECH DVR, NVR, and IP camera devices within the adcommand.cgi endpoint, which interfaces with the ActionD daemon. Authenticated users can invoke the DoShellCmd operation, passing arbitrary input via the strCmd parameter. This input is executed directly by the system shell without sanitation allowing attackers to execute commands as the root user.

PUBLISHED Reserved 2025-04-15 | Published 2025-07-01 | Updated 2025-07-01 | Assigner VulnCheck




CRITICAL: 9.4CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Problem types

CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CWE-20 Improper Input Validation

Product status

Default status
unaffected

1001-1000-1000-1000
affected

1002-1000-1000-1000
affected

1002-1001-1001-1001
affected

1003-1000-1001-1000
affected

1003-1001-1001-1000
affected

1003-1001-1001-1001
affected

1004-1000-1000-1000
affected

1004-1001-1001-1001
affected

1004-1001-1002-1000
affected

1004-1002-1001-1000
affected

1004V-1002V-1003V-1001V
affected

1004Y-1002Y-1001EJ-1000Y
affected

1005-1001-1002-1000
affected

1005-1002-1001-1002
affected

1005-1002-1002-1000
affected

1005-1002-1004-1001
affected

1006-1001-1003-1000
affected

1006-1001-1003-1003
affected

1006-1002-1001-1002
affected

1006-1002-1003-1000
affected

1006R-1002R-1001R-1002R
affected

1007-1001-1003-1000
affected

1007-1001-1003-1003
affected

1007-1002-1004-1000
affected

1007-1003-1005-1001
affected

1007E-1003E-1005EJ-1001E
affected

1007V-1003V-1005V-1001V
affected

1008-1001-1001-1001
affected

1008-1002-1002-1003
affected

1008-1002-1005-1000
affected

1008-1003-1005-1003
affected

1008-1004-1003-1002
affected

1009-1001-1002-1001
affected

1009-1001-1004-1000
affected

1009-1003-1006-1001
affected

1009-1004-1005-1006
affected

1009-1004-1006-1003
affected

1009Y-1003Y-1006Y-1001Y
affected

1010-1001-1003-1001
affected

1010-1001-1004-1005
affected

1010-1002-1005-1000
affected

1010-1004-1007-1001
affected

1010-1005-1005-1002
affected

1011-1002-1004-1001
affected

1011-1002-1006-1000
affected

1011-1005-1007EJ-1001
affected

1011-1005-1008-1002
affected

1012-1002-1004-1001
affected

1012-1002-1006-1005
affected

1012-1002-1007-1004
affected

1012-1003-1001-1005
affected

1012-1003-1005-1005
affected

1012-1004-1008-1008
affected

1012-1008-1009-1000-FFFF
affected

1013-1002-1006-1005
affected

1013-1003-1005-1001
affected

1013-1004-1008-1003
affected

1013-1004-1008-1008
affected

1014-1002-1007-1004
affected

1014-1003-1006-1001
affected

1014-1003-1006PL-1001
affected

1014-1003-1007-1001
affected

1014-1004-1008-1008
affected

1014-1005-1009-1002
affected

1014-1007-1009-1001
affected

1014L-1002L-1006L-1005L
affected

1015-1006-1004-1002
affected

1015-1006-1005-1002
affected

1015-1006-1008-1002
affected

1015-1006-1008-1007
affected

1015-1006-1010-1003
affected

1015-1007-1007-1007
affected

1015K-1006K-1008PO-1002K
affected

1015Y-1007Y-1010Y-1001Y
affected

1016-1003-1007-1001
affected

1016-1004-1009-1009
affected

1016-1006-1008-1007
affected

1016-1007-1005-1001
affected

1016-1007-1009-1003
affected

1016-1007-1011-1001
affected

1016-1007-1011-1003
affected

1016-1008-1007-1007
affected

1016Y-1007Y-1011Y-1001Y
affected

1017-1002-1008-1005
affected

1017-1003-1007-1002
affected

1017-1003-1008-1006
affected

1017-1008-1012-1002
affected

1017-1011-1013-1001-FFFF
affected

1017k-1003k-1008k-1006k
affected

1017Y-1008Y-1012Y-1002Y
affected

1018-1003-1005-1004
affected

1018-1003-1007-1002
affected

1018-1003-1008-1003
affected

1018-1003-1008-1004
affected

1018-1003-1008PO-1003
affected

1018-1006-1009-1007
affected

1018-1007-1009-1003
affected

1018-1008-1012-1004
affected

1019-1003-1007-1002
affected

1019-1003-1008-1001
affected

1019-1004-1009-1007
affected

1019-1007-1009-1003
affected

1019-1009-1013-1003
affected

1019-1010-1009-1009
affected

1019c-1012c-1014c-1001c-FFFF
affected

1020-1003-1008-1003
affected

1020-1003-1008-1004
affected

1020-1003-1010-1006
affected

1020-1004-1009-1007
affected

1020-1005-1011-1010
affected

1020-1005-1012-1007
affected

1020-1007-1008-1003
affected

1020-1007-1009-1003
affected

1021-1003-1008-1003
affected

1021-1003-1008-1004
affected

1021-1005-1011-1010
affected

1021-1007-1010-1003
affected

1021L-1003L-1010L-1006L
affected

1021r-1004r-1009r-1007r
affected

1022-1003-1008-1002
affected

1022-1004-1009-1007
affected

1022-1007-1012-1007
affected

1022-1012-1011-1009
affected

1022-1014-1016-1002-FFFF
affected

1022L-1004L-1011L-1006L
affected

1022L-1005L-1011L-1010L
affected

1022Y-1014Y-1016Y-1002Y-FFFF
affected

1023-1004-1010-1007
affected

1023-1014-1017-1002-FFFF
affected

1025-1006-1013-1011
affected

1025-1008-1013-1008
affected

1025-1014-1013-1009
affected

1027-1008-1012-1008
affected

1027-1008-1013-1008
affected

1027-1014-1015-1009
affected

1027L-1006L-1015L-1009L
affected

1028-1007-1014-1012
affected

1029-1007-1014-1008
affected

1030-1007-1014-1012
affected

1030-1008-1014-1008
affected

1031-1007-1015-1012
affected

1032-1007-1015-1008
affected

1032k-1007k-1015k-1008k
affected

1036r-1008r-1016r-1009r
affected

1037-1008-1017-1009
affected

S749-S749-S749-S749
affected

S820-S820-S820-S820
affected

S823-S823-S823-S823
affected

S855-S855-S855-S855
affected

S914V-S914V-S914V-S914V
affected

S968-S968-S968-S968
affected

S984-S984-S984-S984
affected

T717-T717-T717-T717
affected

Credits

Gergely Eberhardt (SEARCH-LAB.hu) finder

References

www.exploit-db.com/exploits/40500 exploit

avtech.com/ product

web.archive.org/...6-AVTech-devices-multiple-vulnerabilities third-party-advisory technical-description

web.archive.org/...1029201749/https://github.com/ebux/AVTECH exploit

vulncheck.com/...ries/avtech-ipcamera-nvr-dvr-mulitple-vulns third-party-advisory

cve.org (CVE-2025-34055)

nvd.nist.gov (CVE-2025-34055)

Download JSON

Data based on CVE®. Copyright © 1999-2025, The MITRE Corporation. All rights reserved.