CVE-2025-34053 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

An authentication bypass vulnerability exists in AVTECH IP camera, DVR, and NVR devices’ streamd web server. The strstr() function is used to identify ".cab" re…
Medium CVSS: 6.9

CVE-2025-34053

An authentication bypass vulnerability exists in AVTECH IP camera, DVR, and NVR devices’ streamd web server. The strstr() function is used to identify ".cab" requests, allowing any URL containing ".cab" to bypass authentication and access protected endpoints.
Vendor
-
Product
-
CWE
CWE-290
Yayın Tarihi
2025-07-01 15:15:23
Güncelleme
2025-07-03 15:14:12
Source Identifier
disclosure@vulncheck.com
KEV Date Added
-

Kategoriler

CWE-290 MEDIUM 2025

Referanslar

https://avtech.com/ https://vulncheck.com/advisories/avtech-ipcamera-nvr-dvr-mulitple-vulns https://web.archive.org/web/20161029201749/https://github.com/ebux/AVTECH https://web.archive.org/web/20240810225729/https://www.search-lab.hu/advisories/126-AVTech-devices-multiple-vulnerabilities https://www.exploit-db.com/exploits/40500