Description
An authentication bypass vulnerability exists in the streamd web server of AVTECH IP camera, DVR, and NVR devices. The server's strstr() check allows unauthenticated access to any request containing "/nobody" in the URL, bypassing login controls.
Reserved 2025-04-15 | Published 2025-07-01 | Updated 2025-07-01 | Assigner VulnCheck
MEDIUM: 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
Problem types
CWE-290 Authentication Bypass by Spoofing
Product status
Default status: unaffected
1000-1000-1000-1000 affected
1000C-1000C-1000C-1000C affected
1001-1000-1000-1000 affected
1001-1001-1000-1000 affected
1002-1000-1000-1000 affected
1002-1002-1000-1002 affected
1002D-1000D-1000D-1000D affected
1003-1000-1000-1001 affected
1003-1001-1001-1000 affected
1003-1002-1001-1000 affected
1004-1000-1000-1000 affected
1004-1001-1001-1001 affected
1004-1002-1000-1001 affected
1004-1003-1001-1002 affected
1004-1003-1002-1001 affected
1004A-1001A-1002A-1000A affected
1005-1002-1001-1002 affected
1005-1003-1001-1002 affected
1005-1004-1002-1001 affected
1005A-1001A-1002A-1001A affected
1005D-1001D-1002D-1001D affected
1006-1002-1001-1002 affected
1006-1003-1001-1001 affected
1006-1004-1003-1001 affected
1007-1001-1003-1001 affected
1007-1001-1004-1003 affected
1007-1002-1001-1000 affected
1007-1002-1001-1003 affected
1007-1002-1003-1002 affected
1007-1004-1003-1001 affected
1008-1001-1003-1002 affected
1008-1004-1004-1001 affected
1008D-1003D-1004D-1002D affected
1008J-1004J-1004J-1001J affected
1009-1001-1004-1001 affected
1009-1002-1005-1003 affected
1009-1003-1001-1003 affected
1009-1003-1005-1002 affected
1010-1001-1004-1001 affected
1010-1001-1004-1002 affected
1010-1003-1005-1002 affected
1010-1003-1006-1003 affected
1010-1003-1006-1004 affected
1010-1004-1007-1001 affected
1010J-1001J-1004J-1001J affected
1010N-1003N-1005N-1002N affected
1011-1001-1002A-1002 affected
1011-1001-1002D-1002 affected
1011-1001-1003-1002 affected
1011-1001-1004-1002 affected
1011-1001-1005-1002 affected
1011-1004-1005-1002 affected
Credits
Gergely Eberhardt (SEARCH-LAB.hu) finder
References
www.exploit-db.com/exploits/40500 exploit
avtech.com/ product
web.archive.org/...6-AVTech-devices-multiple-vulnerabilities third-party-advisory technical-description
web.archive.org/...1029201749/https://github.com/ebux/AVTECH exploit
vulncheck.com/...ries/avtech-ipcamera-nvr-dvr-mulitple-vulns third-party-advisory
cve.org (CVE-2025-34065)
nvd.nist.gov (CVE-2025-34065)