Facundo Pantaleo

**Name of the Vulnerable Software and Affected Versions** AVTECH AVN801 DVR versions 1017-1003-1009-1003 and earlier **Description** A buffer overflow issue exists in the cgi-bin/user/Config.cgi component, allowing remote attackers to potentially cause a denial of service (device crash) and possibly execute arbitrary code. This is achieved by sending a long string in the `Network.SMTP.Receivers` parameter. **Recommendations** For AVTECH AVN801 DVR versions 1017-1003-1009-1003 and earlier, consider restricting access to the cgi-bin/user/Config.cgi component until a fix is available, and avoid using long strings in the `Network.SMTP.Receivers` parameter to minimize the risk of exploitation.