CVE Catalog

CVE-2025-57200

MediumCVSS 6.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

High risk
1.80%

76th percentile - higher than 76% of all known CVEs

Summary

An authenticated command injection vulnerability was discovered in the test_mail function of AVTECH SECURITY DGM1104 (firmware version FullImg-1015-1004-1006-1003). This flaw allows an attacker to execute arbitrary system commands via crafted input.

Risk Assessment

An authenticated attacker can take full control of the device, compromising the confidentiality, integrity, and availability of the surveillance system.

Recommendation

Immediately update the firmware to the latest version and restrict administrative interface access to trusted networks only.

Original NVD description (English source)

AVTECH SECURITY Corporation DGM1104 FullImg-1015-1004-1006-1003 was discovered to contain an authenticated command injection vulnerability in the test_mail function. This vulnerability allows attackers to execute arbitrary commands via a crafted input.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS