CVE-2025-34066
Awaiting Analysis Awaiting Analysis - Queue
BaseFortify

Publication date: 2025-07-01

Last updated on: 2025-07-03

Assigner: VulnCheck

Description
An improper certificate validation vulnerability exists in AVTECH IP cameras, DVRs, and NVRs due to the use of wget with --no-check-certificate in scripts like SyncCloudAccount.sh and SyncPermit.sh. This exposes HTTPS communications to man-in-the-middle (MITM) attacks.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-07-01
Last Modified
2025-07-03
Generated
2026-05-07
AI Q&A
2025-07-01
EPSS Evaluated
2026-05-05
NVD
CVE-2025-34066
EUVD
EUVD-2025-19640
Affected Vendors & Products
Currently, no data is known.
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-295 The product does not validate, or incorrectly validates, a certificate.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability is an improper certificate validation issue in AVTECH IP cameras, DVRs, and NVRs. It occurs because scripts like SyncCloudAccount.sh and SyncPermit.sh use wget with the --no-check-certificate option, which disables proper HTTPS certificate verification. As a result, HTTPS communications can be intercepted and manipulated by attackers through man-in-the-middle (MITM) attacks.


How can this vulnerability impact me? :

The vulnerability can allow attackers to perform man-in-the-middle (MITM) attacks on the affected devices' HTTPS communications. This can lead to interception, modification, or redirection of sensitive data transmitted between the devices and cloud or permit servers, potentially compromising device security and user privacy.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart