CVE-2025-34065 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

An authentication bypass vulnerability exists in AVTECH IP camera, DVR, and NVR devices’ streamd web server. The strstr() function allows unauthenticated access…
Medium CVSS: 6.9

CVE-2025-34065

An authentication bypass vulnerability exists in AVTECH IP camera, DVR, and NVR devices’ streamd web server. The strstr() function allows unauthenticated access to any request containing "/nobody" in the URL, bypassing login controls.
Vendor
-
Product
-
CWE
CWE-290
Yayın Tarihi
2025-07-01 15:15:25
Güncelleme
2025-07-03 15:14:12
Source Identifier
disclosure@vulncheck.com
KEV Date Added
-

Kategoriler

CWE-290 MEDIUM 2025

Referanslar

https://avtech.com/ https://vulncheck.com/advisories/avtech-ipcamera-nvr-dvr-mulitple-vulns https://web.archive.org/web/20161029201749/https://github.com/ebux/AVTECH https://web.archive.org/web/20240810225729/https://www.search-lab.hu/advisories/126-AVTech-devices-multiple-vulnerabilities https://www.exploit-db.com/exploits/40500