CVE-2025-34051— AVTECH DVR Devices Server-Side Request Forgery
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2025-34051
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
AVTECH DVR Devices Server-Side Request Forgery
Source: NVD (National Vulnerability Database)
Vulnerability Description
A server-side request forgery vulnerability exists in multiple firmware versions of AVTECH DVR devices that exposes the /cgi-bin/nobody/Search.cgi?action=cgi_query endpoint without authentication. An attacker can manipulate the ip, port, and queryb64str parameters to make arbitrary HTTP requests from the DVR to internal or external systems, potentially exposing sensitive data or interacting with internal services.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
服务端请求伪造(SSRF)
Source: NVD (National Vulnerability Database)
Vulnerability Title
AVTECH DVR 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
AVTECH DVR是美国AVTECH公司的一款数位录影主机。 AVTECH DVR存在安全漏洞,该漏洞源于未经验证的/cgi-bin/nobody/Search.cgi端点存在服务端请求伪造,可能导致敏感数据泄露。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| AVTECH | DVR devices | 1001-1000-1000-1000 | - |
II. Public POCs for CVE-2025-34051
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2025-34051
请登录查看更多情报信息。
Same Patch Batch · AVTECH · 2025-07-01 · 8 CVEs total
| CVE-2025-34050 | AVTECH IP Camera, DVR, and NVR Devices Cross-Site Request Forgery | |
| CVE-2025-34054 | AVTECH IP camera, DVR, and NVR Devices Unauthenticated Command Injection | |
| CVE-2025-34066 | AVTECH IP camera, DVR, and NVR Devices Unauthenticated Information Disclosure | |
| CVE-2025-34055 | AVTECH IP camera, DVR, and NVR Devices Authenticated Root Command Execution | |
| CVE-2025-34056 | AVTECH IP camera, DVR, and NVR Devices Authenticated Root Command Execution | |
| CVE-2025-34053 | AVTECH IP camera, DVR, and NVR Devices Authentication Bypass via .cab Path Manipulation | |
| CVE-2025-34065 | AVTECH IP camera, DVR, and NVR Devices Authentication Bypass via /nobody URL Path |
IV. Related Vulnerabilities
Same vendor: AVTECH
- CVE-2025-34066
AVTECH IP camera, DVR, and NVR Devices Unauthenticated Infor - CVE-2025-34065
AVTECH IP camera, DVR, and NVR Devices Authentication Bypass - CVE-2025-34056
AVTECH IP camera, DVR, and NVR Devices Authenticated Root Co - CVE-2025-34055
AVTECH IP camera, DVR, and NVR Devices Authenticated Root Co - CVE-2025-34054
AVTECH IP camera, DVR, and NVR Devices Unauthenticated Comma
Same weakness: CWE-918
- CVE-2026-8193
Akaunting Invoice PDF Rendering dompdf.php server-side reque - CVE-2026-44313
LinkWarden: Server-Side Request Forgery (SSRF) in Link Creat - CVE-2026-42352
pygeoapi 0.23.x: Unauthenticated SSRF via OGC API - Processe - CVE-2026-42346
Postiz: TOCTOU DNS rebinding bypasses all SSRF URL validatio - CVE-2026-42339
New API: SSRF Filter Bypass via 0.0.0.0
V. Comments for CVE-2025-34051
No comments yet