Avtech

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2025-57202 1Avtech 1Dgm1104 Firmware Dec 18, 2025 Dec 3, 2025 N/A· v4 6.1 MEDIUM· v3 N/A· v2 A stored cross-site scripting (XSS) vulnerability in the PwdGrp.cgi endpoint of AVTECH SECURITY Corporation DGM1104 FullImg-1015-1004-1006-1003 allows attackers to execute arbitrary web scripts or HTML via injecting a cr...Show more A stored cross-site scripting (XSS) vulnerability in the PwdGrp.cgi endpoint of AVTECH SECURITY Corporation DGM1104 FullImg-1015-1004-1006-1003 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the username field.Show less
CVE-2025-57201 1Avtech 1Dgm1104 Firmware Jun 1, 2026 Dec 3, 2025 N/A· v4 8.8 HIGH· v3 N/A· v2 AVTECH SECURITY Corporation DGM1104 FullImg-1015-1004-1006-1003 was discovered to contain an authenticated command injection vulnerability in the SMB server function. This vulnerability allows attackers to execute arbitr...Show more AVTECH SECURITY Corporation DGM1104 FullImg-1015-1004-1006-1003 was discovered to contain an authenticated command injection vulnerability in the SMB server function. This vulnerability allows attackers to execute arbitrary commands via a crafted input.Show less
CVE-2025-57199 1Avtech 1Dgm1104 Firmware Dec 23, 2025 Dec 3, 2025 N/A· v4 8.8 HIGH· v3 N/A· v2 AVTECH SECURITY Corporation DGM1104 FullImg-1015-1004-1006-1003 was discovered to contain an authenticated command injection vulnerability in the NetFailDetectD binary. This vulnerability allows attackers to execute arbi...Show more AVTECH SECURITY Corporation DGM1104 FullImg-1015-1004-1006-1003 was discovered to contain an authenticated command injection vulnerability in the NetFailDetectD binary. This vulnerability allows attackers to execute arbitrary commands via a crafted input.Show less
CVE-2025-57198 1Avtech 1Dgm1104 Firmware Dec 23, 2025 Dec 3, 2025 N/A· v4 8.8 HIGH· v3 N/A· v2 AVTECH SECURITY Corporation DGM1104 FullImg-1015-1004-1006-1003 was discovered to contain an authenticated command injection vulnerability in the Machine.cgi endpoint. This vulnerability allows attackers to execute arbit...Show more AVTECH SECURITY Corporation DGM1104 FullImg-1015-1004-1006-1003 was discovered to contain an authenticated command injection vulnerability in the Machine.cgi endpoint. This vulnerability allows attackers to execute arbitrary commands via a crafted input.Show less
CVE-2025-57200 1Avtech 1Dgm1104 Firmware Jan 5, 2026 Dec 3, 2025 N/A· v4 6.5 MEDIUM· v3 N/A· v2 AVTECH SECURITY Corporation DGM1104 FullImg-1015-1004-1006-1003 was discovered to contain an authenticated command injection vulnerability in the test_mail function. This vulnerability allows attackers to execute arbitra...Show more AVTECH SECURITY Corporation DGM1104 FullImg-1015-1004-1006-1003 was discovered to contain an authenticated command injection vulnerability in the test_mail function. This vulnerability allows attackers to execute arbitrary commands via a crafted input.Show less
CVE-2025-50944 1Avtech 1Eagleeyes(lite) Oct 14, 2025 Sep 15, 2025 N/A· v4 8.8 HIGH· v3 N/A· v2 An issue was discovered in the method push.lite.avtech.com.MySSLSocketFactoryNew.checkServerTrusted in AVTECH EagleEyes 2.0.0. The custom X509TrustManager used in checkServerTrusted only checks the certificate's expirati...Show more An issue was discovered in the method push.lite.avtech.com.MySSLSocketFactoryNew.checkServerTrusted in AVTECH EagleEyes 2.0.0. The custom X509TrustManager used in checkServerTrusted only checks the certificate's expiration date, skipping proper TLS chain validation.Show less
CVE-2025-46408 1Avtech 1Eagleeyes(lite) Oct 17, 2025 Sep 15, 2025 N/A· v4 9.8 CRITICAL· v3 N/A· v2 An issue was discovered in the methods push.lite.avtech.com.AvtechLib.GetHttpsResponse and push.lite.avtech.com.Push_HttpService.getNewHttpClient in AVTECH EagleEyes 2.0.0. The methods set ALLOW_ALL_HOSTNAME_VERIFIER, by...Show more An issue was discovered in the methods push.lite.avtech.com.AvtechLib.GetHttpsResponse and push.lite.avtech.com.Push_HttpService.getNewHttpClient in AVTECH EagleEyes 2.0.0. The methods set ALLOW_ALL_HOSTNAME_VERIFIER, bypassing domain validation.Show less
CVE-2024-7029 1Avtech 1Avm1203 Firmware Sep 17, 2024 Aug 2, 2024 8.7 HIGH· v4 9.8 CRITICAL· v3 N/A· v2 Commands can be injected over the network and executed without authentication.
CVE-2013-4982 1Avtech 1Avn801 Dvr Firmware Nov 21, 2024 Dec 27, 2019 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 AVTECH AVN801 DVR has a security bypass via the administration login captcha
CVE-2019-13379 1Avtech 1Room Alert 3e Firmware Nov 21, 2024 Jul 7, 2019 N/A· v4 8.8 HIGH· v3 9.0 HIGH· v2 On AVTECH Room Alert 3E devices before 2.2.5, an attacker with access to the device's web interface may escalate privileges from an unauthenticated user to administrator by performing a cmd.cgi?action=ResetDefaults&src=R...Show more On AVTECH Room Alert 3E devices before 2.2.5, an attacker with access to the device's web interface may escalate privileges from an unauthenticated user to administrator by performing a cmd.cgi?action=ResetDefaults&src=RA reset and using the default credentials to get in.Show less
CVE-2013-4981 1Avtech 2Avn801 Dvr Avn801 Dvr Firmware Apr 29, 2026 Mar 3, 2014 N/A· v4 N/A· v3 9.0 HIGH· v2 Buffer overflow in cgi-bin/user/Config.cgi in AVTECH AVN801 DVR with firmware 1017-1003-1009-1003 and earlier, and possibly other devices, allows remote attackers to cause a denial of service (device crash) and possibly...Show more Buffer overflow in cgi-bin/user/Config.cgi in AVTECH AVN801 DVR with firmware 1017-1003-1009-1003 and earlier, and possibly other devices, allows remote attackers to cause a denial of service (device crash) and possibly execute arbitrary code via a long string in the Network.SMTP.Receivers parameter.Show less
CVE-2013-4980 1Avtech 2Avn801 Dvr Avn801 Dvr Firmware Apr 29, 2026 Mar 3, 2014 N/A· v4 N/A· v3 9.0 HIGH· v2 Buffer overflow in the RTSP Packet Handler in AVTECH AVN801 DVR with firmware 1017-1003-1009-1003 and earlier, and possibly other devices, allows remote attackers to cause a denial of service (device crash) and possibly...Show more Buffer overflow in the RTSP Packet Handler in AVTECH AVN801 DVR with firmware 1017-1003-1009-1003 and earlier, and possibly other devices, allows remote attackers to cause a denial of service (device crash) and possibly execute arbitrary code via a long string in the URI in an RTSP SETUP request.Show less
CVE-2008-3939 1Avtech 1Pager Enterprise Apr 23, 2026 Sep 5, 2008 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Directory traversal vulnerability in the web interface in AVTECH PageR Enterprise before 5.0.7 allows remote attackers to read arbitrary files via directory traversal sequences in the URI.