CVE-2025-34066
AVTECH IP camera, DVR, and NVR Devices Unauthenticated Information Disclosure
CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th
An improper certificate validation vulnerability exists in AVTECH IP cameras, DVRs, and NVRs due to the use of wget with --no-check-certificate in scripts like SyncCloudAccount.sh and SyncPermit.sh. This exposes HTTPS communications to man-in-the-middle (MITM) attacks.
| CWE | CWE-295 |
| Vendor | avtech |
| Product | ip cameras |
| Published | Jul 1, 2025 |
| Last Updated | Apr 7, 2026 |
Stay Ahead of the Next One
Get instant alerts for avtech ip cameras
Be the first to know when new unknown vulnerabilities affecting avtech ip cameras are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
Affected Versions
AVTECH / IP cameras
0
AVTECH / DVR devices
0
AVTECH / NVR devices
0
References
exploit-db.com: https://www.exploit-db.com/exploits/40500 avtech.com: https://avtech.com/ web.archive.org: https://web.archive.org/web/20240810225729/https://www.search-lab.hu/advisories/126-AVTech-devices-multiple-vulnerabilities web.archive.org: https://web.archive.org/web/20161029201749/https://github.com/ebux/AVTECH vulncheck.com: https://vulncheck.com/advisories/avtech-ipcamera-nvr-dvr-mulitple-vulns
Credits
Gergely Eberhardt (SEARCH-LAB.hu)