Avtech: Security Vulnerabilities
AVTECH SECURITY Corporation DGM1104 FullImg-1015-1004-1006-1003 was discovered to contain an authenticated command injection vulnerability in the SMB server function. This vulnerability allows attackers to execute arbitrary commands via a crafted input.
CVSS Score: 8.8
EPSS Score: 0.007
Published: 2025-12-03
A stored cross-site scripting (XSS) vulnerability in the PwdGrp.cgi endpoint of AVTECH SECURITY Corporation DGM1104 FullImg-1015-1004-1006-1003 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the username field.
CVSS Score: 6.1
EPSS Score: 0.0
Published: 2025-12-03
AVTECH SECURITY Corporation DGM1104 FullImg-1015-1004-1006-1003 was discovered to contain an authenticated command injection vulnerability in the Machine.cgi endpoint. This vulnerability allows attackers to execute arbitrary commands via a crafted input.
CVSS Score: 8.8
EPSS Score: 0.008
Published: 2025-12-03
AVTECH SECURITY Corporation DGM1104 FullImg-1015-1004-1006-1003 was discovered to contain an authenticated command injection vulnerability in the NetFailDetectD binary. This vulnerability allows attackers to execute arbitrary commands via a crafted input.
CVSS Score: 8.8
EPSS Score: 0.008
Published: 2025-12-03
AVTECH SECURITY Corporation DGM1104 FullImg-1015-1004-1006-1003 was discovered to contain an authenticated command injection vulnerability in the test_mail function. This vulnerability allows attackers to execute arbitrary commands via a crafted input.
CVSS Score: 6.5
EPSS Score: 0.022
Published: 2025-12-03
An issue was discovered in the methods push.lite.avtech.com.AvtechLib.GetHttpsResponse and push.lite.avtech.com.Push_HttpService.getNewHttpClient in AVTECH EagleEyes 2.0.0. The methods set ALLOW_ALL_HOSTNAME_VERIFIER, bypassing domain validation.
CVSS Score: 9.8
EPSS Score: 0.0
Published: 2025-09-15
An issue was discovered in the method push.lite.avtech.com.MySSLSocketFactoryNew.checkServerTrusted in AVTECH EagleEyes 2.0.0. The custom X509TrustManager used in checkServerTrusted only checks the certificate's expiration date, skipping proper TLS chain validation.
CVSS Score: 8.8
EPSS Score: 0.0
Published: 2025-09-15
Commands can be injected over the network and executed without authentication.
CVSS Score: 8.7
EPSS Score: 0.929
Published: 2024-08-02
AVTECH AVN801 DVR has a security bypass via the administration login captcha.
CVSS Score: 9.8
EPSS Score: 0.396
Published: 2019-12-27
On AVTECH Room Alert 3E devices before 2.2.5, an attacker with access to the device's web interface may escalate privileges from an unauthenticated user to administrator by performing a cmd.cgi?action=ResetDefaults&src=RA reset and using the default credentials to get in.
CVSS Score: 8.8
EPSS Score: 0.082
Published: 2019-07-07

