汇总 avtech 相关全部产品的 CVE 与安全漏洞情报,包括 CVSS、EPSS、公开时间与漏洞情报数据。
历史漏洞主要涉及 缓冲区溢出与跨站脚本 等问题,部分漏洞可能导致 应用崩溃,并影响 软件部署与生产负载 相关场景。
相关漏洞数据主要来源于公开漏洞披露与安全公告,可用于评估历史漏洞暴露面与修复优先级。
| CVE | 摘要 | 来源 | 最高 CVSS | EPSS % | 公开时间 | 更新时间 |
|---|---|---|---|---|---|---|
| CVE-2025-57202 | A stored cross-site scripting (XSS) vulnerability in the PwdGrp.cgi endpoint of AVTECH SECURITY Corporation DGM1104 FullImg-1015-1004-1006-1003 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the username field. | [email protected] | 6.1 | 0.51% | 2025-12-03 | 2025-12-18 |
| CVE-2025-57201 | AVTECH SECURITY Corporation DGM1104 FullImg-1015-1004-1006-1003 was discovered to contain an authenticated command injection vulnerability in the SMB server function. This vulnerability allows attackers to execute arbitrary commands via a crafted input. | [email protected] | 8.8 | 7.13% | 2025-12-03 | 2026-06-01 |
| CVE-2025-57199 | AVTECH SECURITY Corporation DGM1104 FullImg-1015-1004-1006-1003 was discovered to contain an authenticated command injection vulnerability in the NetFailDetectD binary. This vulnerability allows attackers to execute arbitrary commands via a crafted input. | [email protected] | 8.8 | 2.96% | 2025-12-03 | 2025-12-23 |
| CVE-2025-57198 | AVTECH SECURITY Corporation DGM1104 FullImg-1015-1004-1006-1003 was discovered to contain an authenticated command injection vulnerability in the Machine.cgi endpoint. This vulnerability allows attackers to execute arbitrary commands via a crafted input. | [email protected] | 8.8 | 2.33% | 2025-12-03 | 2025-12-23 |
| CVE-2025-57200 | AVTECH SECURITY Corporation DGM1104 FullImg-1015-1004-1006-1003 was discovered to contain an authenticated command injection vulnerability in the test_mail function. This vulnerability allows attackers to execute arbitrary commands via a crafted input. | [email protected] | 6.5 | 2.09% | 2025-12-03 | 2026-01-05 |
| CVE-2025-50944 | An issue was discovered in the method push.lite.avtech.com.MySSLSocketFactoryNew.checkServerTrusted in AVTECH EagleEyes 2.0.0. The custom X509TrustManager used in checkServerTrusted only checks the certificate's expiration date, skipping proper TLS chain validation. | [email protected] | 8.8 | 0.25% | 2025-09-15 | 2025-10-14 |
| CVE-2025-46408 | An issue was discovered in the methods push.lite.avtech.com.AvtechLib.GetHttpsResponse and push.lite.avtech.com.Push_HttpService.getNewHttpClient in AVTECH EagleEyes 2.0.0. The methods set ALLOW_ALL_HOSTNAME_VERIFIER, bypassing domain validation. | [email protected] | 9.8 | 0.61% | 2025-09-15 | 2025-10-17 |
| CVE-2024-7029 | Commands can be injected over the network and executed without authentication. | [email protected] | 8.7 | 39.00% | 2024-08-02 | 2024-09-17 |
| CVE-2013-4982 | AVTECH AVN801 DVR has a security bypass via the administration login captcha | [email protected] | 9.8 | 13.12% | 2019-12-27 | 2024-11-21 |
| CVE-2019-13379 | On AVTECH Room Alert 3E devices before 2.2.5, an attacker with access to the device's web interface may escalate privileges from an unauthenticated user to administrator by performing a cmd.cgi?action=ResetDefaults&src=RA reset and using the default credentials to get in. | [email protected] | 8.8 | 3.00% | 2019-07-07 | 2024-11-21 |
| CVE-2013-4981 | Buffer overflow in cgi-bin/user/Config.cgi in AVTECH AVN801 DVR with firmware 1017-1003-1009-1003 and earlier, and possibly other devices, allows remote attackers to cause a denial of service (device crash) and possibly execute arbitrary code via a long string in the Network.SMTP.Receivers parameter. | [email protected] | 9.0 | 6.81% | 2014-03-03 | 2026-04-29 |
| CVE-2013-4980 | Buffer overflow in the RTSP Packet Handler in AVTECH AVN801 DVR with firmware 1017-1003-1009-1003 and earlier, and possibly other devices, allows remote attackers to cause a denial of service (device crash) and possibly execute arbitrary code via a long string in the URI in an RTSP SETUP request. | [email protected] | 9.0 | 6.81% | 2014-03-03 | 2026-04-29 |
| CVE-2008-3939 | Directory traversal vulnerability in the web interface in AVTECH PageR Enterprise before 5.0.7 allows remote attackers to read arbitrary files via directory traversal sequences in the URI. | [email protected] | 7.5 | 1.70% | 2008-09-05 | 2026-04-23 |