CVE-2025-34055

An OS command injection vulnerability exists in AVTECH DVR, NVR, and IP camera devices within the adcommand.cgi endpoint, which interfaces with the ActionD daemon. Authenticated users can invoke the DoShellCmd operation, passing arbitrary input via the strCmd parameter. This input is executed directly by the system shell without sanitation allowing attackers to execute commands as the root user.

CVSS

No CVSS.

References

Link	Resource
https://avtech.com/
https://vulncheck.com/advisories/avtech-ipcamera-nvr-dvr-mulitple-vulns
https://web.archive.org/web/20161029201749/https://github.com/ebux/AVTECH
https://web.archive.org/web/20240810225729/https://www.search-lab.hu/advisories/126-AVTech-devices-multiple-vulnerabilities
https://www.exploit-db.com/exploits/40500

Configurations

No configuration.

History

03 Jul 2025, 15:14

Type	Values Removed	Values Added
Summary		(es) Existe una vulnerabilidad de inyección de comandos del sistema operativo en los dispositivos AVTECH DVR, NVR, e IP camera dentro del endpoint adcommand.cgi, que interactúa con el daemon ActionD. Los usuarios autenticados pueden invocar la operación DoShellCmd, pasando una entrada arbitraria mediante el parámetro strCmd. Esta entrada es ejecutada directamente por el shell del sistema sin sanear, lo que permite a los atacantes ejecutar comandos como usuario root.

01 Jul 2025, 15:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-07-01 15:15

Updated : 2025-07-03 15:14

NVD link : CVE-2025-34055

Mitre link : CVE-2025-34055

CVE.ORG link : CVE-2025-34055

JSON object : View

Products Affected

No product.

CWE

CWE-20

Improper Input Validation

CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

{"id": "CVE-2025-34055", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "disclosure@vulncheck.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 9.4, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-07-01T15:15:24.053", "references": [{"url": "https://avtech.com/", "source": "disclosure@vulncheck.com"}, {"url": "https://vulncheck.com/advisories/avtech-ipcamera-nvr-dvr-mulitple-vulns", "source": "disclosure@vulncheck.com"}, {"url": "https://web.archive.org/web/20161029201749/https://github.com/ebux/AVTECH", "source": "disclosure@vulncheck.com"}, {"url": "https://web.archive.org/web/20240810225729/https://www.search-lab.hu/advisories/126-AVTech-devices-multiple-vulnerabilities", "source": "disclosure@vulncheck.com"}, {"url": "https://www.exploit-db.com/exploits/40500", "source": "disclosure@vulncheck.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "disclosure@vulncheck.com", "description": [{"lang": "en", "value": "CWE-20"}, {"lang": "en", "value": "CWE-78"}]}], "descriptions": [{"lang": "en", "value": "An OS command injection vulnerability exists in AVTECH DVR, NVR, and IP camera devices within the adcommand.cgi endpoint, which interfaces with the ActionD daemon. Authenticated users can invoke the DoShellCmd operation, passing arbitrary input via the strCmd parameter. This input is executed directly by the system shell without sanitation allowing attackers to execute commands as the root user."}, {"lang": "es", "value": "Existe una vulnerabilidad de inyecci\u00f3n de comandos del sistema operativo en los dispositivos AVTECH DVR, NVR, e IP camera dentro del endpoint adcommand.cgi, que interact\u00faa con el daemon ActionD. Los usuarios autenticados pueden invocar la operaci\u00f3n DoShellCmd, pasando una entrada arbitraria mediante el par\u00e1metro strCmd. Esta entrada es ejecutada directamente por el shell del sistema sin sanear, lo que permite a los atacantes ejecutar comandos como usuario root."}], "lastModified": "2025-07-03T15:14:12.767", "sourceIdentifier": "disclosure@vulncheck.com"}