🔐 CVE Alert

CVE-2025-34053

UNKNOWN 0.0

AVTECH IP camera, DVR, and NVR Devices Authentication Bypass via .cab Path Manipulation

CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th

An authentication bypass vulnerability exists in AVTECH IP camera, DVR, and NVR devices’ streamd web server. The strstr() function is used to identify ".cab" requests, allowing any URL containing ".cab" to bypass authentication and access protected endpoints.

CWE CWE-290
Vendor avtech
Product ip camera, dvr, and nvr devices
Published Jul 1, 2025
Last Updated Apr 7, 2026
Stay Ahead of the Next One

Get instant alerts for avtech ip camera, dvr, and nvr devices

Be the first to know when new unknown vulnerabilities affecting avtech ip camera, dvr, and nvr devices are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

AVTECH / IP camera, DVR, and NVR devices
1000-1000-1000-1000 1000C-1000C-1000C-1000C 1001-1000-1000-1000 1001-1001-1000-1000 1002-1000-1000-1000 1002-1002-1000-1002 1002D-1000D-1000D-1000D 1003-1000-1000-1001 1003-1001-1001-1000 1003-1002-1001-1000 1004-1000-1000-1000 1004-1001-1001-1001 1004-1003-1001-1002 1004-1003-1002-1001 1004A-1001A-1002A-1000A 1005-1002-1001-1002 1005-1003-1001-1002 1005-1004-1002-1001 1005A-1001A-1002A-1001A 1005D-1001D-1002D-1001D 1006-1002-1001-1002 1006-1004-1003-1001 1007-1001-1003-1001 1007-1001-1004-1003 1007-1002-1001-1003 1007-1002-1003-1002 1007-1004-1003-1001 1008-1001-1003-1002 1008-1004-1004-1001 1008D-1003D-1004D-1002D 1008J-1004J-1004J-1001J 1009-1001-1004-1001 1009-1002-1005-1003 1009-1003-1005-1002 1010-1001-1004-1001 1010-1001-1004-1002 1010-1003-1005-1002 1010-1003-1006-1003 1010-1003-1006-1004 1010-1004-1007-1001 1010J-1001J-1004J-1001J 1010N-1003N-1005N-1002N 1011-1001-1002A-1002 1011-1001-1002D-1002 1011-1001-1003-1002 1011-1001-1004-1002 1011-1001-1005-1002 1011-1004-1005-1002 1012-1001-1005-1002 1012-1001-1005-1003 1012-1001-1005PO-1002 1012-1003-1007-1002 1012-1003-1007-1004 1013-1001-1005-1003 1013-1002-1006-1002 1013-1003-1008-1003 1013-1004-1008-1004 1013-1005-1005-1002 1013-1005-1007-1002 1013K-1005K-1007PO-1002K 1014-1002-1006-1002 1014-1002-1006-1003 1014-1003-1008-1003 1014-1005-1008-1002 1014B-1002B-1006B-1002B 1015-1001-1006-1003 1015-1002-1006-1003 1015-1002-1007-1002 1015-1003-1008-1003 1015-1005-1009-1004 1015-1006-1004-1002 1015-1006-1005-1002 1015-1006-1008-1002 1015C-1004C-1003C-1005C 1015K-1006K-1008PO-1002K 1016-1002-1007-1002 1016-1006-1013-1002 1016-1007-1009-1003 1016-1007-1011-1003 1017-1002-1007-1003 1017-1003-1007-1003 1017-1003-1009-1003 1017-1005-1004-1005 1017-1006-1013-1002 1017-1013-1014-1005 1018-1003-1005-1004 1018-1003-1008-1003 1018-1003-1008-1004 1018-1003-1008PO-1003 1018-1004-1005-1005 1018-1007-1009-1003 1018-1012-1011-1010 1019-1004-1006-1005 1019-1007-1009-1003 1020-1003-1008-1003 1020-1003-1008-1004 1020-1004-1007-1006 1020-1007-1008-1003 1020-1007-1009-1003 1021-1003-1008-1003 1021-1003-1008-1004 1021-1005-1006-1005 1021-1005-1008-1006 1021-1006-1015-1002 1021-1007-1010-1003 1022-1005-1007-1005 1022-1005-1009-1007 1022-1006-1015-1002 1022-1013-1014-1010 1022-1014-1016-1002-FFFF 1022Y-1014Y-1016Y-1002Y-FFFF 1023-1005-1008-1006 1023-1007-1016-1003 1024-1019-1019-1007 1025-1006-1010-1007 1025-1017-1017-1011 1027-1007-1019-1003 1027-1021-1021-1008 1028-1021-1022-1008 1031-1007-1022-1003 1032-1022-1024-1008 1033-1018-1021-1012 1035-1005-1005-1004 1035-1005-1005-1005 1035-1005-1005-1005P 1035-1007-1024-1003 1035-1024-1025-1008 1036-1005-1006-1005 1036-1007-1024-1003 1036-1014-1016-1016 1037-1024-1027-1008 1037-1025-1027-1008 1038-1021-1024-1012 1038-1021-1024-1012-A5 1038-1025-1028-1008 1039-1005-1008-1004 1039-1005-1008-1005 1039-1014-1017-1016 1039D-1014D-1017D-1016D 1040-1026-1029-1008 1041-1005-1009-1005 1042-1026-1030-1008 1044-1026-1030-1008 1044-1026-1031-1008 1045-1015-1020-1018 1046-1027-1032-1008 1047-1027-1031-1008 1049-1027-1033-1008 1050-1027-1034-1008 1050-1027-1036-1008 1051-1027-1035-1008 1051CZ-1028-1037-1008 1052-1027-1034-1008 1052-1028-1038-1008 1052A-1028-1038A-1008 1054-1027-1036-1008 1054-1028-1036-1008 1055-1028-1036-1008 1056-1028-1037-1008 1058-1028-1039-1008 1062-1028-1041-1008 1065-1029-1043-1008 1068-1029-1043-1008 1069-1029-1043-1008 1071-1029-1044-1008 1077-1017-1035-1007 1077-1017-1035-1007-A6 1077-1017-1035-1007-D4 1077-1017-1035-1007-D705FF 1078-1017-1036-1007 1078-1017-1036-1007-A6 1078-1017-1036-1007-D707FF 1079-1017-1037-1007 1079-1017-1037-1007-D4 1W77-1W17-1W35-1W07-A6 A077-1017-A035-1007 A077-1017-A035-1007-A6 A1035-1024-A1025-1008 A1038-1025-A1028-1008-D4 S681-S681-S681-S681 S749-S749-S749-S749 S818-S818-S818-S818 S820-S820-S820-S820 S823-S823-S823-S823 S914V-S914V-S914V-S914V S984-S984-S984-S984

References

NVD ↗ CVE.org ↗ EPSS Data ↗
exploit-db.com: https://www.exploit-db.com/exploits/40500 avtech.com: https://avtech.com/ web.archive.org: https://web.archive.org/web/20240810225729/https://www.search-lab.hu/advisories/126-AVTech-devices-multiple-vulnerabilities web.archive.org: https://web.archive.org/web/20161029201749/https://github.com/ebux/AVTECH vulncheck.com: https://vulncheck.com/advisories/avtech-ipcamera-nvr-dvr-mulitple-vulns

Credits

Gergely Eberhardt (SEARCH-LAB.hu)