Description
An unauthenticated command injection vulnerability exists in AVTECH DVR devices via Search.cgi?action=cgi_query. The use of wget without input sanitization allows attackers to inject shell commands through the username or queryb64str parameters, executing commands as root. Exploitation evidence was observed by the Shadowserver Foundation on 2025-01-04 UTC.
Published: 2025-07-01
Score: 10 Critical
EPSS: 2.3% Low
KEV: No
Impact: Remote Command Execution as root
Action: Immediate Patch
AI Analysis

Impact

An unauthenticated command injection flaw exists in AVTECH devices accessed via Search.cgi?action=cgi_query. The lack of input sanitization on the username and queryb64str parameters allows attackers to inject shell commands, which are executed with root privileges. This vulnerability is a classic Command Injection (CWE-78) that can lead to full device compromise and unauthorized system control.

Affected Systems

The affected products are AVTECH IP cameras, DVRs, and NVRs. No particular firmware or model versions are listed, but all devices exposing the Search.cgi interface are potentially vulnerable.

Risk and Exploitability

The CVSS score of 10 indicates critical severity, while the EPSS score of 2% indicates a low to moderate current exploitation probability. The flaw is not listed in the CISA KEV catalog. The attack vector is remote, unauthenticated access to the device over the network, and exploitation has been observed by Shadowserver. Attackers can execute arbitrary commands as root, potentially installing backdoors or exfiltrating data.

Generated by OpenCVE AI on April 28, 2026 at 11:10 UTC.

Remediation

No vendor fix or workaround is currently provided.

OpenCVE Recommended Actions

  • Apply the latest firmware update supplied by AVTECH that fixes the Search.cgi injection flaw.
  • If no patch is available, disable the vulnerable Search.cgi endpoint or block access to action=cgi_query through firewall rules to prevent remote command injection.
  • Secure the device network segment, applying strict access controls and monitoring for anomalous traffic that may indicate exploitation attempts.
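
One way to act on the monitoring recommendation above, as an added example (not OpenCVE's or AVTECH's code): a Python check over proxy access-log lines that flags Search.cgi?action=cgi_query requests whose username falls outside an allowlist or whose queryb64str decodes to text containing shell metacharacters. The combined log format, the username allowlist, and the reading of queryb64str as a base64-encoded query string are assumptions; the sample lines are constructed.

```python
import base64
import binascii
import re
from urllib.parse import parse_qs, quote, urlsplit

# Assumption: combined-format access log from a proxy in front of the device.
REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" \d{3}')
SAFE_USERNAME = re.compile(r'[A-Za-z0-9._@-]{0,64}')  # assumed allowlist
# '&' and '=' are allowed: decoded queryb64str is assumed to be a query string.
SHELL_META = re.compile(r'[;|`$(){}<>\\\n\r]')

def decode_b64(value):
    """Return the decoded text, or None when value is not valid base64."""
    value = value.replace(" ", "+")  # parse_qs turns '+' into a space
    try:
        raw = base64.b64decode(value + "=" * (-len(value) % 4), validate=True)
    except (binascii.Error, ValueError):
        return None
    return raw.decode("utf-8", "replace")

def inspect_line(line):
    """Return (source, parameter, reason) findings for one log line."""
    m = REQUEST_RE.match(line)
    if not m:
        return []
    src, url = m.group(1), urlsplit(m.group(2))
    params = parse_qs(url.query, keep_blank_values=True)
    on_endpoint = url.path.lower().endswith("search.cgi")
    if not on_endpoint or "cgi_query" not in params.get("action", []):
        return []
    findings = []
    for value in params.get("username", []):
        if not SAFE_USERNAME.fullmatch(value):
            findings.append((src, "username", "outside allowlist"))
    for value in params.get("queryb64str", []):
        decoded = decode_b64(value)
        if decoded is None:
            findings.append((src, "queryb64str", "not valid base64"))
        elif SHELL_META.search(decoded):
            findings.append((src, "queryb64str", "shell metacharacter"))
    return findings

# Constructed sample lines: documentation addresses and placeholder values.
_B64 = quote(base64.b64encode(b"ip=192.0.2.1|placeholder").decode(), safe="")
_REQ = '%s - - [04/Jan/2025:10:00:00 +0000] "GET /Search.cgi?%s HTTP/1.1" 200 0'
SAMPLE_LOG = [
    _REQ % ("192.0.2.10", "action=cgi_query&username=operator"),
    _REQ % ("198.51.100.7", "action=cgi_query&username=x%3Bplaceholder"),
    _REQ % ("198.51.100.8", "action=cgi_query&queryb64str=" + _B64),
]
```

Because the endpoint is reachable without authentication, any hit from outside the management network is worth reviewing even when neither parameter check fires.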



Advisories
Source: EUVD
ID: EUVD-2025-19644
Title: An unauthenticated command injection vulnerability exists in AVTECH DVR devices via Search.cgi?action=cgi_query. The use of wget without input sanitization allows attackers to inject shell commands through the username or queryb64str parameters, executing commands as root.

History

Thu, 20 Nov 2025 21:00:00 +0000

Type: Description
Values Removed: An unauthenticated command injection vulnerability exists in AVTECH DVR devices via Search.cgi?action=cgi_query. The use of wget without input sanitization allows attackers to inject shell commands through the username or queryb64str parameters, executing commands as root. Exploitation evidence was observed by the Shadowserver Foundation on 2025-03-07 UTC.
Values Added: An unauthenticated command injection vulnerability exists in AVTECH DVR devices via Search.cgi?action=cgi_query. The use of wget without input sanitization allows attackers to inject shell commands through the username or queryb64str parameters, executing commands as root. Exploitation evidence was observed by the Shadowserver Foundation on 2025-01-04 UTC.

Mon, 17 Nov 2025 22:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-20

Mon, 17 Nov 2025 21:45:00 +0000

Type: Description
Values Removed: An unauthenticated command injection vulnerability exists in AVTECH DVR devices via Search.cgi?action=cgi_query. The use of wget without input sanitization allows attackers to inject shell commands through the username or queryb64str parameters, executing commands as root. Exploitation evidence was observed by the Shadowserver Foundation on 2025-01-04 UTC.
Values Added: An unauthenticated command injection vulnerability exists in AVTECH DVR devices via Search.cgi?action=cgi_query. The use of wget without input sanitization allows attackers to inject shell commands through the username or queryb64str parameters, executing commands as root. Exploitation evidence was observed by the Shadowserver Foundation on 2025-03-07 UTC.

Mon, 17 Nov 2025 21:00:00 +0000

Type: Description
Values Removed: An unauthenticated command injection vulnerability exists in AVTECH DVR devices via Search.cgi?action=cgi_query. The use of wget without input sanitization allows attackers to inject shell commands through the username or queryb64str parameters, executing commands as root.
Values Added: An unauthenticated command injection vulnerability exists in AVTECH DVR devices via Search.cgi?action=cgi_query. The use of wget without input sanitization allows attackers to inject shell commands through the username or queryb64str parameters, executing commands as root. Exploitation evidence was observed by the Shadowserver Foundation on 2025-01-04 UTC.

Type: Title
Values Removed: AVTECH DVR Devices Unauthenticated Command Injection
Values Added: AVTECH IP camera, DVR, and NVR Devices Unauthenticated Command Injection

Tue, 01 Jul 2025 19:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Tue, 01 Jul 2025 15:00:00 +0000

Type Values Removed Values Added
Description An unauthenticated command injection vulnerability exists in AVTECH DVR devices via Search.cgi?action=cgi_query. The use of wget without input sanitization allows attackers to inject shell commands through the username or queryb64str parameters, executing commands as root.
Title AVTECH DVR Devices Unauthenticated Command Injection
Weaknesses CWE-20
CWE-78
References
Metrics cvssV4_0

{'score': 10, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H'}



MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-04-07T14:09:16.220Z

Reserved: 2025-04-15T19:15:22.548Z

Link: CVE-2025-34054

Vulnrichment

Updated: 2025-07-01T18:32:08.268Z

NVD

Status: Deferred

Published: 2025-07-01T15:15:23.910

Modified: 2026-04-15T00:35:42.020

Link: CVE-2025-34054

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-28T11:15:26Z

Weaknesses