AVTECH IP Camera
cpe:2.3:h:avtech:avn801_dvr:*:*:*:*:*:*:*
A vulnerability exists in AVTECH IP cameras, DVRs, and NVRs due to improper certificate validation. The devices use wget with the --no-check-certificate option in scripts such as SyncCloudAccount.sh and SyncPermit.sh, which exposes HTTPS communications to man-in-the-middle (MITM) attacks. This vulnerability affects all AVTECH devices and firmware versions.
Exploitation of this vulnerability allows for man-in-the-middle attacks, where an attacker can intercept and potentially alter HTTPS communications.
The vulnerability can be reproduced by accessing the affected AVTECH device's scripts that utilize wget to fetch HTTPS resources without proper certificate validation. This can be done by manually triggering these scripts or through scheduled tasks, depending on the device's configuration.
Users are advised to change the default admin password and operate the devices behind a firewall. AVTECH has released firmware updates for some vulnerabilities, but it's unclear if this specific issue has been addressed.
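A defender-side check for the pattern described above, as an added example that is not AVTECH's code or part of the original advisory: it walks an unpacked firmware tree and reports each wget call that passes --no-check-certificate, including calls split across backslash-continued lines. The function names, sample file contents and example.invalid URLs are constructed assumptions; only the script names SyncCloudAccount.sh and SyncPermit.sh come from the advisory.

```shell
#!/bin/sh
# Added example (not vendor code): report wget calls that disable TLS validation.
# Prints "file:line"; backslash-continued lines are joined so a flag on a
# continuation line is attributed to the first line of the command.
audit_wget_tls() {
    find "$1" -type f -exec awk '
        FNR == 1 { buf = "" }                  # new file: drop dangling state
        {
            if (buf == "") start = FNR         # first line of this command
            line = $0
            if (line ~ /\\$/) {                # continuation: keep joining
                sub(/\\$/, " ", line); buf = buf line; next
            }
            cmd = buf line; buf = ""
            if (cmd ~ /^[ \t]*#/) next         # skip comments and shebangs
            if (cmd ~ /(^|[^A-Za-z0-9_])wget[ \t]/ &&
                cmd ~ /--no-check-certificate/)
                printf "%s:%d\n", FILENAME, start
        }
    ' {} +
}

# Build a constructed sample tree; only the two script names come from the advisory.
make_sample_tree() {
    d=$(mktemp -d)
    cat > "$d/SyncCloudAccount.sh" <<'EOF'
#!/bin/sh
wget --no-check-certificate -q -O /tmp/acct https://cloud.example.invalid/acct
EOF
    cat > "$d/SyncPermit.sh" <<'EOF'
#!/bin/sh
wget -q -O /tmp/permit \
    --no-check-certificate \
    https://cloud.example.invalid/permit
EOF
    cat > "$d/Validated.sh" <<'EOF'
#!/bin/sh
# wget --no-check-certificate https://old.example.invalid/
wget -q --ca-certificate=/etc/ssl/ca.pem https://cloud.example.invalid/ok
EOF
    printf '%s\n' "$d"
}

tree=$(make_sample_tree)
audit_wget_tls "$tree"
rm -rf "$tree"
```

Point `audit_wget_tls` at the root of an extracted firmware image; each reported line is a fetch whose response should be treated as untrusted until the flag is removed and a CA bundle is supplied.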