AVTECH IP Cameras, DVRs, and NVRs Authentication Bypass Vulnerability

An authentication bypass vulnerability has been identified in AVTECH IP cameras, DVRs, and NVRs. This vulnerability resides in the devices' streamd web server, where the strstr() function is used to check for '.cab' requests. As a result, any URL containing '.cab' can bypass authentication and access protected endpoints. Additionally, certain CGI scripts in the '/cgi-bin/nobody' folder can be accessed without authentication, further exploiting the vulnerability.

Impact

Exploitation of this vulnerability allows for authentication bypass, enabling unauthorized access to protected endpoints and CGI scripts on the affected devices.

Reproduction

The vulnerability can be reproduced by sending a request to the streamd web server with a URL that includes '.cab'. This will bypass authentication and grant access to protected endpoints. Alternatively, CGI scripts in the '/cgi-bin/nobody' folder can be accessed without authentication, providing another avenue for exploitation.

Remediation

Users are advised to change the default admin password and avoid exposing the web interface of AVTECH devices to the internet.