AvtechCVEs & Vulnerabilities

13 CVEs affecting Avtech products, tracked from the National Vulnerability Database, with CVSS/EPSS scores and exploitation status.

Most Affected Products

dgm1104 5dgm1104 firmware 5avn801 dvr 3avn801 dvr firmware 3eagleeyes\(lite\) 2pager enterprise 2room alert 3e firmware 1avm1203 firmware 1
CVE-2024-7029KEVCRITICALin the wild

Commands can be injected over the network and executed without authentication.

11 Apr 2026
9.8
CVSS
CVE-2025-57202MEDIUM

A stored cross-site scripting (XSS) vulnerability in the PwdGrp.cgi endpoint of AVTECH SECURITY Corporation DGM1104 FullImg-1015-1004-1006-1003 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the username field.

3 Dec 2025
6.1
CVSS
CVE-2025-57201HIGH

AVTECH SECURITY Corporation DGM1104 FullImg-1015-1004-1006-1003 was discovered to contain an authenticated command injection vulnerability in the SMB server function. This vulnerability allows attackers to execute arbitrary commands via a crafted input.

3 Dec 2025
8.8
CVSS
CVE-2025-57199HIGH

AVTECH SECURITY Corporation DGM1104 FullImg-1015-1004-1006-1003 was discovered to contain an authenticated command injection vulnerability in the NetFailDetectD binary. This vulnerability allows attackers to execute arbitrary commands via a crafted input.

3 Dec 2025
8.8
CVSS
CVE-2025-57198HIGH

AVTECH SECURITY Corporation DGM1104 FullImg-1015-1004-1006-1003 was discovered to contain an authenticated command injection vulnerability in the Machine.cgi endpoint. This vulnerability allows attackers to execute arbitrary commands via a crafted input.

3 Dec 2025
8.8
CVSS
CVE-2025-57200MEDIUM

AVTECH SECURITY Corporation DGM1104 FullImg-1015-1004-1006-1003 was discovered to contain an authenticated command injection vulnerability in the test_mail function. This vulnerability allows attackers to execute arbitrary commands via a crafted input.

3 Dec 2025
6.5
CVSS
CVE-2025-50944HIGH

An issue was discovered in the method push.lite.avtech.com.MySSLSocketFactoryNew.checkServerTrusted in AVTECH EagleEyes 2.0.0. The custom X509TrustManager used in checkServerTrusted only checks the certificate's expiration date, skipping proper TLS chain validation.

15 Sep 2025
8.8
CVSS
CVE-2025-46408CRITICAL

An issue was discovered in the methods push.lite.avtech.com.AvtechLib.GetHttpsResponse and push.lite.avtech.com.Push_HttpService.getNewHttpClient in AVTECH EagleEyes 2.0.0. The methods set ALLOW_ALL_HOSTNAME_VERIFIER, bypassing domain validation.

15 Sep 2025
9.8
CVSS
CVE-2013-4982CRITICALpoc

AVTECH AVN801 DVR has a security bypass via the administration login captcha

27 Dec 2019
9.8
CVSS
CVE-2019-13379HIGH

On AVTECH Room Alert 3E devices before 2.2.5, an attacker with access to the device's web interface may escalate privileges from an unauthenticated user to administrator by performing a cmd.cgi?action=ResetDefaults&src=RA reset and using the default credentials to get in.

7 Jul 2019
8.8
CVSS
CVE-2013-4981CRITICALpoc

Buffer overflow in cgi-bin/user/Config.cgi in AVTECH AVN801 DVR with firmware 1017-1003-1009-1003 and earlier, and possibly other devices, allows remote attackers to cause a denial of service (device crash) and possibly execute arbitrary code via a long string in the Network.SMTP.Receivers parameter.

3 Mar 2014
9.0
CVSS
CVE-2013-4980CRITICALpoc

Buffer overflow in the RTSP Packet Handler in AVTECH AVN801 DVR with firmware 1017-1003-1009-1003 and earlier, and possibly other devices, allows remote attackers to cause a denial of service (device crash) and possibly execute arbitrary code via a long string in the URI in an RTSP SETUP request.

3 Mar 2014
9.0
CVSS
CVE-2008-3939HIGH

Directory traversal vulnerability in the web interface in AVTECH PageR Enterprise before 5.0.7 allows remote attackers to read arbitrary files via directory traversal sequences in the URI.

5 Sep 2008
7.5
CVSS
← PrevPage 1 / 1Next →