diff --git a/exposed-panels/avtech-dvr-exposure.yaml b/exposed-panels/avtech-dvr-exposure.yaml
new file mode 100644
index 0000000000..c27dd4e837
--- /dev/null
+++ b/exposed-panels/avtech-dvr-exposure.yaml
@@ -0,0 +1,26 @@
+id: avtech-dvr-exposure
+
+info:
+ name: Avtech AVC798HA DVR Information Exposure
+ description: Under the /cgi-bin/nobody folder every CGI script can be accessed without authentication.
+ reference: http://www.avtech.com.tw/
+ author: geeknik
+ severity: low
+ tags: dvr,exposure,avtech
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/cgi-bin/nobody/Machine.cgi?action=get_capability"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+ - type: word
+ words:
+ - "Firmware.Version="
+ - "MACAddress="
+ - "Product.Type="
+ condition: and
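Review bot: The `name` and `description` in the `info` block claim more than the matchers establish: the single request and the three `words` entries only show that `Machine.cgi?action=get_capability` answers without authentication, and nothing in them is specific to the AVC798HA or demonstrates that "every CGI script" is reachable. A finding raised from this template will be triaged on that text, so I would scope it to what is actually checked, e.g. `description: Unauthenticated request to /cgi-bin/nobody/Machine.cgi returns firmware version, MAC address and product type.`, and drop the model from `name` unless the match is tightened on the `Product.Type=` value. The `reference` is the vendor home page over plain `http://`; a link to the advisory or write-up that documents the behaviour would let a defender confirm affected firmware and find the fix. The file also sits under `exposed-panels/` although no login panel is matched, which may place it in the wrong scan profile.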