Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
AVTECH DVR Devices Server-Side Request Forgery
Vulnerability Description
A server-side request forgery vulnerability exists in multiple firmware versions of AVTECH DVR devices that exposes the /cgi-bin/nobody/Search.cgi?action=cgi_query endpoint without authentication. An attacker can manipulate the ip, port, and queryb64str parameters to make arbitrary HTTP requests from the DVR to internal or external systems, potentially exposing sensitive data or interacting with internal services.
CVSS Information
N/A
Vulnerability Type
服务端请求伪造(SSRF)
Vulnerability Title
AVTECH DVR 安全漏洞
Vulnerability Description
AVTECH DVR是美国AVTECH公司的一款数位录影主机。 AVTECH DVR存在安全漏洞,该漏洞源于未经验证的/cgi-bin/nobody/Search.cgi端点存在服务端请求伪造,可能导致敏感数据泄露。
CVSS Information
N/A
Vulnerability Type
N/A