CVE-2025-34055
AVTECH IP camera, DVR, and NVR Devices Authenticated Root Command Execution
CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th
An OS command injection vulnerability exists in AVTECH DVR, NVR, and IP camera devices within the adcommand.cgi endpoint, which interfaces with the ActionD daemon. Authenticated users can invoke the DoShellCmd operation, passing arbitrary input via the strCmd parameter. This input is executed directly by the system shell without sanitation allowing attackers to execute commands as the root user.
| CWE | CWE-78 CWE-20 |
| Vendor | avtech |
| Product | ip camera, dvr, and nvr devices |
| Published | Jul 1, 2025 |
| Last Updated | Apr 7, 2026 |
Stay Ahead of the Next One
Get instant alerts for avtech ip camera, dvr, and nvr devices
Be the first to know when new unknown vulnerabilities affecting avtech ip camera, dvr, and nvr devices are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
Affected Versions
AVTECH / IP camera, DVR, and NVR Devices
1001-1000-1000-1000 1002-1000-1000-1000 1002-1001-1001-1001 1003-1000-1001-1000 1003-1001-1001-1000 1003-1001-1001-1001 1004-1000-1000-1000 1004-1001-1001-1001 1004-1001-1002-1000 1004-1002-1001-1000 1004V-1002V-1003V-1001V 1004Y-1002Y-1001EJ-1000Y 1005-1001-1002-1000 1005-1002-1001-1002 1005-1002-1002-1000 1005-1002-1004-1001 1006-1001-1003-1000 1006-1001-1003-1003 1006-1002-1001-1002 1006-1002-1003-1000 1006R-1002R-1001R-1002R 1007-1001-1003-1000 1007-1001-1003-1003 1007-1002-1004-1000 1007-1003-1005-1001 1007E-1003E-1005EJ-1001E 1007V-1003V-1005V-1001V 1008-1001-1001-1001 1008-1002-1002-1003 1008-1002-1005-1000 1008-1003-1005-1003 1008-1004-1003-1002 1009-1001-1002-1001 1009-1001-1004-1000 1009-1003-1006-1001 1009-1004-1005-1006 1009-1004-1006-1003 1009Y-1003Y-1006Y-1001Y 1010-1001-1003-1001 1010-1001-1004-1005 1010-1002-1005-1000 1010-1004-1007-1001 1010-1005-1005-1002 1011-1002-1004-1001 1011-1002-1006-1000 1011-1005-1007EJ-1001 1011-1005-1008-1002 1012-1002-1004-1001 1012-1002-1006-1005 1012-1002-1007-1004 1012-1003-1001-1005 1012-1003-1005-1005 1012-1004-1008-1008 1012-1008-1009-1000-FFFF 1013-1002-1006-1005 1013-1003-1005-1001 1013-1004-1008-1003 1013-1004-1008-1008 1014-1002-1007-1004 1014-1003-1006-1001 1014-1003-1006PL-1001 1014-1003-1007-1001 1014-1004-1008-1008 1014-1005-1009-1002 1014-1007-1009-1001 1014L-1002L-1006L-1005L 1015-1006-1004-1002 1015-1006-1005-1002 1015-1006-1008-1002 1015-1006-1008-1007 1015-1006-1010-1003 1015-1007-1007-1007 1015K-1006K-1008PO-1002K 1015Y-1007Y-1010Y-1001Y 1016-1003-1007-1001 1016-1004-1009-1009 1016-1006-1008-1007 1016-1007-1005-1001 1016-1007-1009-1003 1016-1007-1011-1001 1016-1007-1011-1003 1016-1008-1007-1007 1016Y-1007Y-1011Y-1001Y 1017-1002-1008-1005 1017-1003-1007-1002 1017-1003-1008-1006 1017-1008-1012-1002 1017-1011-1013-1001-FFFF 1017k-1003k-1008k-1006k 1017Y-1008Y-1012Y-1002Y 1018-1003-1005-1004 1018-1003-1007-1002 1018-1003-1008-1003 1018-1003-1008-1004 1018-1003-1008PO-1003 1018-1006-1009-1007 1018-1007-1009-1003 1018-1008-1012-1004 1019-1003-1007-1002 1019-1003-1008-1001 1019-1004-1009-1007 1019-1007-1009-1003 1019-1009-1013-1003 1019-1010-1009-1009 1019c-1012c-1014c-1001c-FFFF 1020-1003-1008-1003 1020-1003-1008-1004 1020-1003-1010-1006 1020-1004-1009-1007 1020-1005-1011-1010 1020-1005-1012-1007 1020-1007-1008-1003 1020-1007-1009-1003 1021-1003-1008-1003 1021-1003-1008-1004 1021-1005-1011-1010 1021-1007-1010-1003 1021L-1003L-1010L-1006L 1021r-1004r-1009r-1007r 1022-1003-1008-1002 1022-1004-1009-1007 1022-1007-1012-1007 1022-1012-1011-1009 1022-1014-1016-1002-FFFF 1022L-1004L-1011L-1006L 1022L-1005L-1011L-1010L 1022Y-1014Y-1016Y-1002Y-FFFF 1023-1004-1010-1007 1023-1014-1017-1002-FFFF 1025-1006-1013-1011 1025-1008-1013-1008 1025-1014-1013-1009 1027-1008-1012-1008 1027-1008-1013-1008 1027-1014-1015-1009 1027L-1006L-1015L-1009L 1028-1007-1014-1012 1029-1007-1014-1008 1030-1007-1014-1012 1030-1008-1014-1008 1031-1007-1015-1012 1032-1007-1015-1008 1032k-1007k-1015k-1008k 1036r-1008r-1016r-1009r 1037-1008-1017-1009 S749-S749-S749-S749 S820-S820-S820-S820 S823-S823-S823-S823 S855-S855-S855-S855 S914V-S914V-S914V-S914V S968-S968-S968-S968 S984-S984-S984-S984 T717-T717-T717-T717
References
exploit-db.com: https://www.exploit-db.com/exploits/40500 avtech.com: https://avtech.com/ web.archive.org: https://web.archive.org/web/20240810225729/https://www.search-lab.hu/advisories/126-AVTech-devices-multiple-vulnerabilities web.archive.org: https://web.archive.org/web/20161029201749/https://github.com/ebux/AVTECH vulncheck.com: https://vulncheck.com/advisories/avtech-ipcamera-nvr-dvr-mulitple-vulns
Credits
Gergely Eberhardt (SEARCH-LAB.hu)