ByteOS Network

CVE Vulnerability Details :

CVE-2025-34065

PUBLISHED

More Info Official Page

Assigner-VulnCheck

Assigner Org ID-83251b91-4cc7-4094-a5c7-464a1b83ea10

Published At-01 Jul, 2025 | 14:47

Updated At-01 Jul, 2025 | 18:36

▼CVE Numbering Authority (CNA)

AVTECH IP camera, DVR, and NVR Devices Authentication Bypass via /nobody URL Path

An authentication bypass vulnerability exists in AVTECH IP camera, DVR, and NVR devices’ streamd web server. The strstr() function allows unauthenticated access to any request containing "/nobody" in the URL, bypassing login controls.

Affected Products

Vendor

Avtec (Motorola Solutions)

Product

IP camera, DVR, and NVR Devices

Modules

Search.cgi
username parameter
queryb64str

Default Status

unaffected

Versions

Affected

1000-1000-1000-1000
1000C-1000C-1000C-1000C
1001-1000-1000-1000
1001-1001-1000-1000
1002-1000-1000-1000
1002-1002-1000-1002
1002D-1000D-1000D-1000D
1003-1000-1000-1001
1003-1001-1001-1000
1003-1002-1001-1000
1004-1000-1000-1000
1004-1001-1001-1001
1004-1002-1000-1001
1004-1003-1001-1002
1004-1003-1002-1001
1004A-1001A-1002A-1000A
1005-1002-1001-1002
1005-1003-1001-1002
1005-1004-1002-1001
1005A-1001A-1002A-1001A
1005D-1001D-1002D-1001D
1006-1002-1001-1002
1006-1003-1001-1001
1006-1004-1003-1001
1007-1001-1003-1001
1007-1001-1004-1003
1007-1002-1001-1000
1007-1002-1001-1003
1007-1002-1003-1002
1007-1004-1003-1001
1008-1001-1003-1002
1008-1004-1004-1001
1008D-1003D-1004D-1002D
1008J-1004J-1004J-1001J
1009-1001-1004-1001
1009-1002-1005-1003
1009-1003-1001-1003
1009-1003-1005-1002
1010-1001-1004-1001
1010-1001-1004-1002
1010-1003-1005-1002
1010-1003-1006-1003
1010-1003-1006-1004
1010-1004-1007-1001
1010J-1001J-1004J-1001J
1010N-1003N-1005N-1002N
1011-1001-1002A-1002
1011-1001-1002D-1002
1011-1001-1003-1002
1011-1001-1004-1002
1011-1001-1005-1002
1011-1004-1005-1002

Problem Types

Type	CWE ID	Description
CWE	CWE-290	CWE-290 Authentication Bypass by Spoofing

Type: CWE

CWE ID: CWE-290

Description: CWE-290 Authentication Bypass by Spoofing

Metrics

Version	Base score	Base severity	Vector
4.0	6.9	MEDIUM	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Version: 4.0

Base score: 6.9

Base severity: MEDIUM

Vector:

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Impacts

CAPEC ID	Description
CAPEC-115	CAPEC-115 Authentication Bypass
CAPEC-137	CAPEC-137 Parameter Injection

CAPEC ID: CAPEC-115

Description: CAPEC-115 Authentication Bypass

CAPEC ID: CAPEC-137

Description: CAPEC-137 Parameter Injection

Credits

finder

Gergely Eberhardt (SEARCH-LAB.hu)

References

Hyperlink	Resource
https://www.exploit-db.com/exploits/40500	exploit
https://avtech.com/	product
https://web.archive.org/web/20240810225729/https://www.search-lab.hu/advisories/126-AVTech-devices-multiple-vulnerabilities	third-party-advisory technical-description
https://web.archive.org/web/20161029201749/https://github.com/ebux/AVTECH	exploit
https://vulncheck.com/advisories/avtech-ipcamera-nvr-dvr-mulitple-vulns	third-party-advisory

Hyperlink: https://www.exploit-db.com/exploits/40500

Resource:

exploit

Hyperlink: https://avtech.com/

Resource:

product

Hyperlink: https://web.archive.org/web/20240810225729/https://www.search-lab.hu/advisories/126-AVTech-devices-multiple-vulnerabilities

Resource:

third-party-advisory

technical-description

Hyperlink: https://web.archive.org/web/20161029201749/https://github.com/ebux/AVTECH

Resource:

exploit

Hyperlink: https://vulncheck.com/advisories/avtech-ipcamera-nvr-dvr-mulitple-vulns

Resource:

third-party-advisory

▼Authorized Data Publishers (ADP)

CISA ADP Vulnrichment

Affected Products

Affected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References