CVE-2025-34056

AVTECH IP camera, DVR, and NVR Devices Authenticated Root Command Execution

CVSS 9.4 CRITICALEPSS 1.8%CWE-20 CWE-78

Vexday Risk Score

48Attention

SSVC decision (CISA)

Attend

PoC available → attend closely

CVSS 9.4EPSS 1.8%KEV nãoPoC públicaNuclei —Metasploit —Patch —

Lifecycle

01 Jul 2025Published on NVD

Recommendation: Plan a near-term fix — a public PoC already exists.

An OS command injection vulnerability exists in AVTECH IP camera, DVR, and NVR devices via the PwdGrp.cgi endpoint, which handles user and group management operations. Authenticated users can supply input through the pwd or grp parameters, which are directly embedded into system commands without proper sanitation. This allows for the execution of arbitrary shell commands with root privileges.

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Affected products

AVTECH · IP camera, DVR, and NVR Devices

public PoCs found — 2

cve_referenceweb.archive.org/web/20161029201749/https://github.com/ebux/AVTECHunverified cve_referencewww.exploit-db.com/exploits/40500unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://avtech.com/https://vulncheck.com/advisories/avtech-ipcamera-nvr-dvr-mulitple-vulns https://web.archive.org/web/20161029201749/https://github.com/ebux/AVTECH https://web.archive.org/web/20240810225729/https://www.search-lab.hu/advisories/126-AVTech-devices-multiple-vulnerabilities https://www.exploit-db.com/exploits/40500