AVTECH IP Camera, DVR, and NVR OS Command Injection Vulnerability

Vulnerability

A command injection vulnerability has been identified in AVTECH IP cameras, DVRs, and NVRs, through the PwdGrp.cgi endpoint, which manages user and group operations. This vulnerability allows authenticated users to execute arbitrary shell commands with root privileges by injecting commands into the pwd or grp parameters, which are not properly sanitized before being executed. The issue is present in all AVTECH devices and firmware versions.

Impact

Exploitation of this vulnerability allows for unauthorized execution of commands with root privileges on the affected device.

Reproduction

The vulnerability can be reproduced by sending a request to the PwdGrp.cgi endpoint with injected commands in the pwd or grp parameters. This can be done using a tool like curl or Postman, or through a custom script that automates the process. After authentication, the injected commands will be executed with root privileges, allowing for complete control over the device.

Remediation

Users are advised to change the default admin password and operate the devices behind a firewall. AVTECH has released firmware updates for some vulnerabilities, but it is unclear if this specific issue has been addressed.
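For devices kept behind a firewall or reverse proxy, requests to PwdGrp.cgi can also be monitored. The following detection check is an added example, not part of the original advisory or any AVTECH code: it flags access-log lines where the pwd or grp query parameter contains shell metacharacters, including repeated percent-encoding. The log format, the `/PwdGrp.cgi` path prefix, the parameter values and the `PLACEHOLDER_CMD` token are constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

# Constructed sample lines in a common-log-style format (not from a real device).
SAMPLE_LOG = [
    '192.0.2.10 - admin [01/Sep/2025:19:20:01 +0000] "GET /PwdGrp.cgi?pwd=Tr0ub4dor&grp=operators HTTP/1.1" 200 12',
    '192.0.2.44 - admin [01/Sep/2025:19:21:07 +0000] "GET /PwdGrp.cgi?pwd=x%3BPLACEHOLDER_CMD&grp=operators HTTP/1.1" 200 12',
    '192.0.2.44 - admin [01/Sep/2025:19:21:09 +0000] "GET /PwdGrp.cgi?pwd=x&grp=a%2524%2528PLACEHOLDER_CMD%2529 HTTP/1.1" 200 12',
    '192.0.2.10 - - [01/Sep/2025:19:22:30 +0000] "GET /index.html?pwd=a%3Bb HTTP/1.1" 200 512',
]

LINE_RE = re.compile(r'^(?P<ip>\S+) .*?"(?:GET|POST) (?P<target>\S+) HTTP/')
WATCHED = {"pwd", "grp"}  # the two parameters named in the advisory
# Separators and substitutions a POSIX shell acts on; tune for your password policy.
SHELL_META = re.compile(r"[;|&`\r\n]|\$\(")

def fully_decode(value, rounds=3):
    """Undo repeated percent-encoding so %253B is seen as ';'."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_params(target):
    """Return the watched parameter names whose decoded value has shell metacharacters."""
    path, _, query = target.partition("?")
    if not path.lower().endswith("pwdgrp.cgi"):
        return []
    hits = set()
    for pair in query.split("&"):  # manual split: same behaviour on every Python 3
        name, _, value = pair.partition("=")
        if name.lower() in WATCHED and SHELL_META.search(fully_decode(value)):
            hits.add(name.lower())
    return sorted(hits)

def scan(lines):
    """Return (client_ip, [parameter names]) for each log line worth an analyst's look."""
    alerts = []
    for line in lines:
        m = LINE_RE.match(line)
        if m and (params := suspicious_params(m.group("target"))):
            alerts.append((m.group("ip"), params))
    return alerts

if __name__ == "__main__":
    for ip, params in scan(SAMPLE_LOG):
        print(f"ALERT {ip}: shell metacharacters in {', '.join(params)}")
```

Access logs record only the request line, so parameters sent in a POST body need the same check applied at a proxy or WAF that can see the body.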

Added: Sep 1, 2025, 7:22 PM
Updated: Sep 1, 2025, 7:22 PM

Vulnerability Rating

Custom Algorithm

spread: 0.3
impact: 7.5
exploitability: 6.2
remediation: 8.3
relevance: 0.2
threat: 6.4
urgency: 2.9
incentive: 0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.