Ethical Hacking Automation

Automate Recon and scanning process with Vidoc. All security teams in one place

AVTECH AVC798HA DVR - Information Exposure

By kannthu

Vidoc logoVidoc Module

What is "AVTECH AVC798HA DVR - Information Exposure?"

The "AVTECH AVC798HA DVR - Information Exposure" module is designed to detect the vulnerability of AVTECH AVC798HA DVR to information exposure. This module targets the AVTECH AVC798HA DVR software, which is a digital video recorder used for surveillance purposes. The severity of this vulnerability is classified as low. The original author of this module is geeknik.


If exploited, this vulnerability allows unauthorized access to CGI scripts in the /cgi-bin/nobody directory of the AVTECH AVC798HA DVR without authentication. This can potentially lead to the exposure of sensitive information, unauthorized data modification, and execution of unauthorized operations.

How does the module work?

The module sends an HTTP GET request to the path "/cgi-bin/nobody/Machine.cgi?action=get_capability" of the AVTECH AVC798HA DVR. It then applies matching conditions to the response to determine if the vulnerability is present.

The matching conditions used in this module are:

- Status code 200: The response status code must be 200. - Presence of specific words: The response must contain the words "Firmware.Version=", "MACAddress=", and "Product.Type=".

If both matching conditions are met, the module identifies the AVTECH AVC798HA DVR as vulnerable to information exposure.

For more information, please refer to the reference.

Module preview

Concurrent Requests (1)
1. HTTP Request template
Matching conditions
status: 200and
word: Firmware.Version=, MACAddress=, Product....
Passive global matcher
No matching conditions.
On match action
Report vulnerability