Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
AVTECH IP camera, DVR, and NVR Devices Unauthenticated Command Injection
Vulnerability Description
An unauthenticated command injection vulnerability exists in AVTECH DVR devices via Search.cgi?action=cgi_query. The use of wget without input sanitization allows attackers to inject shell commands through the username or queryb64str parameters, executing commands as root. Exploitation evidence was observed by the Shadowserver Foundation on 2025-01-04 UTC.
CVSS Information
N/A
Vulnerability Type
OS命令中使用的特殊元素转义处理不恰当(OS命令注入)
Vulnerability Title
AVTECH DVR 安全漏洞
Vulnerability Description
AVTECH DVR是美国AVTECH公司的一款数位录影主机。 AVTECH DVR存在安全漏洞,该漏洞源于Search.cgi端点未清理输入导致命令注入。
CVSS Information
N/A
Vulnerability Type
N/A