CVE-2025-57200
MediumCVSS 6.5Exploitation Probability (EPSS)
High risk76th percentile - higher than 76% of all known CVEs
Summary
An authenticated command injection vulnerability was discovered in the test_mail function of AVTECH SECURITY DGM1104 (firmware version FullImg-1015-1004-1006-1003). This flaw allows an attacker to execute arbitrary system commands via crafted input.
Risk Assessment
An authenticated attacker can take full control of the device, compromising the confidentiality, integrity, and availability of the surveillance system.
Recommendation
Immediately update the firmware to the latest version and restrict administrative interface access to trusted networks only.
Original NVD description (English source)
AVTECH SECURITY Corporation DGM1104 FullImg-1015-1004-1006-1003 was discovered to contain an authenticated command injection vulnerability in the test_mail function. This vulnerability allows attackers to execute arbitrary commands via a crafted input.

