CVE-2025-34065

| EUVD-2025-19641 MEDIUM
2025-07-01 [email protected]
Authentication Bypass
6.9
CVSS 4.0
Share

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None

Lifecycle Timeline

4
Analysis Generated
Mar 16, 2026 - 01:42 vuln.today
EUVD ID Assigned
Mar 16, 2026 - 01:42 euvd
EUVD-2025-19641
PoC Detected
Jul 03, 2025 - 15:14 vuln.today
Public exploit code
CVE Published
Jul 01, 2025 - 15:15 nvd
MEDIUM 6.9

DescriptionNVD

An authentication bypass vulnerability exists in AVTECH IP camera, DVR, and NVR devices’ streamd web server. The strstr() function allows unauthenticated access to any request containing "/nobody" in the URL, bypassing login controls.

AnalysisAI

An authentication bypass vulnerability exists in AVTECH IP camera, DVR, and NVR devices’ streamd web server. The strstr() function allows unauthenticated access to any request containing "/nobody" in the URL, bypassing login controls.

Technical ContextAI

An authentication bypass vulnerability allows attackers to circumvent login mechanisms and gain unauthorized access without valid credentials. This vulnerability is classified as Authentication Bypass by Spoofing (CWE-290).

RemediationAI

Implement robust authentication mechanisms. Use multi-factor authentication. Review authentication logic for bypass conditions. Remove default credentials.

Share

CVE-2025-34065 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy