AVTECH DGM1104 Stored Cross-Site Scripting Vulnerability in PwdGrp.cgi Endpoint

Vulnerability

A stored cross-site scripting vulnerability has been identified in the PwdGrp.cgi endpoint of the AVTECH DGM1104 camera model. This vulnerability allows attackers to execute arbitrary web scripts or HTML by injecting a crafted payload into the username field. The issue arises in the user creation functionality of the admin interface, where injected scripts are executed when the user list page is accessed.

Impact

Exploitation of this vulnerability allows for stored cross-site scripting, where injected scripts are executed in the context of the user viewing the affected page.

Reproduction

To reproduce this vulnerability, log into the admin interface of an affected AVTECH DGM1104 camera. Navigate to the user creation section and enter a username that includes HTML or JavaScript payloads. Once the user is created, the injected script will execute when the user list page is visited.
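The defensive side of the behaviour described above, as an added example that is not AVTECH firmware code or part of the original advisory: it contrasts a user-list row built by raw concatenation with one that HTML-encodes the stored username, and adds an allowlist check for the user creation step. All function names, the row markup, the username policy and the sample records are assumptions constructed for illustration.

```javascript
// Added example. Names, markup and policy are assumptions, not vendor code.
const HTML_ESCAPES = {
  "&": "&amp;",
  "<": "&lt;",
  ">": "&gt;",
  '"': "&quot;",
  "'": "&#39;",
};

// Encode every character that can change the HTML parsing context.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Flawed pattern: the stored username is concatenated into markup unchanged,
// so any markup saved at user creation is parsed by the browser later.
function renderUserRowUnsafe(user) {
  return "<tr><td>" + user.name + "</td><td>" + user.level + "</td></tr>";
}

// Hardened pattern: encode at output time, regardless of what was stored.
function renderUserRowSafe(user) {
  return "<tr><td>" + escapeHtml(user.name) + "</td><td>" +
    escapeHtml(user.level) + "</td></tr>";
}

// Defense in depth at creation time: allowlist of characters and length
// (hypothetical policy; adjust to what the device actually needs).
const USERNAME_RE = /^[A-Za-z0-9_.-]{1,32}$/;
function isValidUsername(name) {
  return typeof name === "string" && USERNAME_RE.test(name);
}

// Audit helper: list already-stored usernames that violate the policy,
// so existing entries can be reviewed and removed.
function auditStoredUsers(users) {
  return users.filter((u) => !isValidUsername(u.name)).map((u) => u.name);
}

// Constructed sample records, standing in for the stored user list.
const storedUsers = [
  { name: "operator1", level: "OPERATOR" },
  { name: "<script>alert(1)</script>", level: "SUPERVISOR" },
];

console.log(renderUserRowSafe(storedUsers[1]));
console.log(auditStoredUsers(storedUsers));
```

Where the list is built in the browser, assigning the name through textContent instead of innerHTML gives the same result as the encoding step.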

Added: Dec 3, 2025, 4:18 PM
Updated: Dec 3, 2025, 5:30 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 1.7
exploitability: 6.3
remediation: 0.0
relevance: 1.2
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.