AVTECH DVR Devices Server-Side Request Forgery Vulnerability

A server-side request forgery (SSRF) vulnerability has been identified in multiple firmware versions of AVTECH DVR devices. This vulnerability allows attackers to access the /cgi-bin/nobody/Search.cgi?action=cgi_query endpoint without authentication. By manipulating the ip, port, and queryb64str parameters, attackers can send arbitrary HTTP requests from the DVR to internal or external systems, potentially exposing sensitive data or interacting with internal services.

Impact

Exploitation of this vulnerability allows for unauthorized HTTP requests to be made through the DVR device, which can be used to access internal systems or data.

Reproduction

The vulnerability can be reproduced by sending a request to the /cgi-bin/nobody/Search.cgi endpoint with the action parameter set to cgi_query. The ip, port, and queryb64str parameters can be modified to perform arbitrary HTTP requests through the DVR device.