We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2025-34065

AVTECH IP camera, DVR, and NVR Devices Authentication Bypass via /nobody URL Path



Description

An authentication bypass vulnerability exists in AVTECH IP camera, DVR, and NVR devices’ streamd web server. The strstr() function allows unauthenticated access to any request containing "/nobody" in the URL, bypassing login controls.

Reserved 2025-04-15 | Published 2025-07-01 | Updated 2025-07-01 | Assigner VulnCheck


MEDIUM: 6.9CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Problem types

CWE-290 Authentication Bypass by Spoofing

Product status

Default status
unaffected

1000-1000-1000-1000
affected

1000C-1000C-1000C-1000C
affected

1001-1000-1000-1000
affected

1001-1001-1000-1000
affected

1002-1000-1000-1000
affected

1002-1002-1000-1002
affected

1002D-1000D-1000D-1000D
affected

1003-1000-1000-1001
affected

1003-1001-1001-1000
affected

1003-1002-1001-1000
affected

1004-1000-1000-1000
affected

1004-1001-1001-1001
affected

1004-1002-1000-1001
affected

1004-1003-1001-1002
affected

1004-1003-1002-1001
affected

1004A-1001A-1002A-1000A
affected

1005-1002-1001-1002
affected

1005-1003-1001-1002
affected

1005-1004-1002-1001
affected

1005A-1001A-1002A-1001A
affected

1005D-1001D-1002D-1001D
affected

1006-1002-1001-1002
affected

1006-1003-1001-1001
affected

1006-1004-1003-1001
affected

1007-1001-1003-1001
affected

1007-1001-1004-1003
affected

1007-1002-1001-1000
affected

1007-1002-1001-1003
affected

1007-1002-1003-1002
affected

1007-1004-1003-1001
affected

1008-1001-1003-1002
affected

1008-1004-1004-1001
affected

1008D-1003D-1004D-1002D
affected

1008J-1004J-1004J-1001J
affected

1009-1001-1004-1001
affected

1009-1002-1005-1003
affected

1009-1003-1001-1003
affected

1009-1003-1005-1002
affected

1010-1001-1004-1001
affected

1010-1001-1004-1002
affected

1010-1003-1005-1002
affected

1010-1003-1006-1003
affected

1010-1003-1006-1004
affected

1010-1004-1007-1001
affected

1010J-1001J-1004J-1001J
affected

1010N-1003N-1005N-1002N
affected

1011-1001-1002A-1002
affected

1011-1001-1002D-1002
affected

1011-1001-1003-1002
affected

1011-1001-1004-1002
affected

1011-1001-1005-1002
affected

1011-1004-1005-1002
affected

Credits

Gergely Eberhardt (SEARCH-LAB.hu) finder

References

www.exploit-db.com/exploits/40500 exploit

avtech.com/ product

web.archive.org/...6-AVTech-devices-multiple-vulnerabilities third-party-advisory technical-description

web.archive.org/...1029201749/https://github.com/ebux/AVTECH exploit

vulncheck.com/...ries/avtech-ipcamera-nvr-dvr-mulitple-vulns third-party-advisory

cve.org (CVE-2025-34065)

nvd.nist.gov (CVE-2025-34065)

Download JSON

Share this page
https://cve.threatint.eu/CVE/CVE-2025-34065

Support options

Helpdesk Chat, Email, Knowledgebase