CVE-2025-34051
BaseFortify
Publication date: 2025-07-01
Last updated on: 2025-07-03
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-918 | The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination. |
| CWE-200 | The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a server-side request forgery (SSRF) in multiple firmware versions of AVTECH DVR devices. It affects the /cgi-bin/nobody/Search.cgi?action=cgi_query endpoint, which does not require authentication. An attacker can manipulate parameters such as ip, port, and queryb64str to make arbitrary HTTP requests from the DVR to internal or external systems. This can allow the attacker to access sensitive data or interact with internal services that are normally protected.
How can this vulnerability impact me? :
The vulnerability can allow an attacker to make unauthorized HTTP requests from the DVR device to internal or external systems. This can lead to exposure of sensitive data or unauthorized interaction with internal services, potentially compromising confidentiality and security of the affected network or systems.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking if the AVTECH DVR device exposes the /cgi-bin/nobody/Search.cgi?action=cgi_query endpoint without authentication. You can use network scanning or HTTP request tools like curl to test this endpoint. For example, a command to test the vulnerability could be: curl -v "http://<device-ip>/cgi-bin/nobody/Search.cgi?action=cgi_query&ip=127.0.0.1&port=80&queryb64str=..." to see if the device responds and allows arbitrary HTTP requests. Monitoring network traffic for unusual outbound HTTP requests originating from the DVR device may also help detect exploitation attempts. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting network access to the vulnerable endpoint by implementing firewall rules to block unauthorized access to /cgi-bin/nobody/Search.cgi?action=cgi_query on AVTECH DVR devices. If possible, update the device firmware to a version that patches this vulnerability once available. Additionally, isolate the DVR devices from untrusted networks and monitor for suspicious outbound requests originating from these devices to prevent exploitation. [1]