CVE-2013-4980 and CVE-2013-4981 permit unauthenticated arbitrary code execution via overflows in the RTSP packet handler and in /cgi-bin/user/Config.cgi respectively. CVE-2013-4982 allows attackers to bypass the CAPTCHA of the administration login console.
DVR 4CH H.264 (AVTECH AVN801) firmware 1017-1003-1009-1003, and possibly prior versions
Remote Code Execution, Security Bypass
Remote Code Execution (CVE-2013-4980 and CVE-2013-4981)
Exploitation of these vulnerabilities is possible by forming a malicious request and sending it to the affected server. Remote attackers who successfully exploit either vulnerability will be able to execute arbitrary commands on the vulnerable system with the same rights as the web service.
Security Bypass (CVE-2013-4982)
This vulnerability allows an attacker to bypass the CAPTCHA protection mechanism and so automate attacks that the CAPTCHA would normally block.
BeyondTrust Prevention and Detection:
No mitigation is currently available.