70 matches found
CVE-2026-30650
A post-authentication remote buffer overflow vulnerability exists in the /cgi-bin/admin/eventtask.cgi endpoint of the admin interface of Vivotek FD8136 cameras running firmware version FD8136-VVTK-0300a. This flaw allows an authenticated attacker to execute arbitrary code as root on the device...
Vivotek VIVOTEK FD8136-VVTK 安全漏洞
Vivotek VIVOTEK FD8136-VVTK is a super-miniature fixed dome network camera firmware developed by Vivotek Corporation. The Vivotek VIVOTEK FD8136-VVTK 0300a version contains a security vulnerability. This vulnerability stems from path traversal within the /admin/downloadMedias.cgi endpoint, which...
Vivotek FD8136 安全漏洞
Vivotek FD8136 is a hemispherical network camera produced by the Chinese company Vivotek. The Vivotek FD8136 FD8136-VVTK-0300a version contains a security vulnerability. This vulnerability stems from a remote buffer overflow attack on the /cgi-bin/admin/eventtask.cgi endpoint. It could allow...
Vivotek VIVOTEK FD8136-VVTK 安全漏洞
Vivotek VIVOTEK FD8136-VVTK is a super-mini fixed dome network camera firmware developed by Vivotek Corporation. There is a security vulnerability in Vivotek VIVOTEK FD8136-VVTK, which stems from a buffer overflow in the setgetparam.cgi component. This vulnerability may allow remote attackers to...
Vivotek FD8136 安全漏洞
Vivotek FD8136 is a hemispherical network camera produced by the Chinese company Vivotek. The Vivotek FD8136 FD8136-VVTK-0300a version has a security vulnerability. This vulnerability stems from a remote buffer overflow in the /cgi-bin/dido/setdo.cgi endpoint, which could allow authenticated...
Vivotek FD8136 安全漏洞
Vivotek FD8136 is a hemispherical network camera produced by the Chinese company Vivotek. The Vivotek FD8136 FD8136-VVTK-0300a version contains a security vulnerability. This vulnerability stems from a stack buffer overflow in the exportlanguage.cgi binary file. The Content-Length value is direct...
CVE-2018-14494
Vivotek FD8136 devices allow Remote Command Injection, related to BusyBox and wget. NOTE: the vendor sent a clarification on 2019-09-17 explaining that, although this CVE was first populated in July 2019, it is a historical vulnerability that does not apply to any current or recent Vivotek hardwa...
CVE-2018-14495
Vivotek FD8136 devices allow Remote Command Injection, aka "another command injection vulnerability in our target device," a different issue than CVE-2018-14494. NOTE: The vendor has disputed this as a vulnerability and states that the issue does not cause a web server crash or have any other...
CVE-2018-14496
Vivotek FD8136 devices allow remote memory corruption and remote code execution because of a stack-based buffer overflow, related to sprintf, vlocalbuff4326, and setgetparam.cgi. NOTE: The vendor has disputed this as a vulnerability and states that the issue does not cause a web server crash or...
Vivotek FD8136 Command Injection Vulnerability (CNVD-2019-22783)
Vivotek FD8136 is a hemispherical network camera from Vivotek, Taiwan, China. A command injection vulnerability exists in the Vivotek FD8136. The vulnerability arises from a network system or product not properly filtering specific elements of externally input data during the construction of...
Vivotek FD8136 Buffer Overflow Vulnerability
Vivotek FD8136 is a hemispherical network camera from Vivotek, Taiwan, China. A buffer overflow vulnerability exists in the Vivotek FD8136, which can be exploited by an attacker to cause a buffer overflow or heap overflow...
CVE-2018-14496
Vivotek FD8136 devices allow remote memory corruption and remote code execution because of a stack-based buffer overflow, related to sprintf, vlocalbuff4326, and setgetparam.cgi. NOTE: The vendor has disputed this as a vulnerability and states that the issue does not cause a web server crash or...
CVE-2018-14495
Vivotek FD8136 devices allow Remote Command Injection, aka "another command injection vulnerability in our target device," a different issue than CVE-2018-14494. NOTE: The vendor has disputed this as a vulnerability and states that the issue does not cause a web server crash or have any other...
CVE-2018-14495
Vivotek FD8136 devices allow Remote Command Injection, aka "another command injection vulnerability in our target device," a different issue than CVE-2018-14494. NOTE: The vendor has disputed this as a vulnerability and states that the issue does not cause a web server crash or have any other...
CVE-2018-14496
Vivotek FD8136 devices allow remote memory corruption and remote code execution because of a stack-based buffer overflow, related to sprintf, vlocalbuff4326, and setgetparam.cgi. NOTE: The vendor has disputed this as a vulnerability and states that the issue does not cause a web server crash or...
Stack overflow
DISPUTED Vivotek FD8136 devices allow remote memory corruption and remote code execution because of a stack-based buffer overflow, related to sprintf, vlocalbuff4326, and setgetparam.cgi. NOTE: The vendor has disputed this as a vulnerability and states that the issue does not cause a web server...
Command injection
DISPUTED Vivotek FD8136 devices allow Remote Command Injection, aka "another command injection vulnerability in our target device," a different issue than CVE-2018-14494. NOTE: The vendor has disputed this as a vulnerability and states that the issue does not cause a web server crash or have any...
CVE-2018-14496
Vivotek FD8136 devices allow remote memory corruption and remote code execution because of a stack-based buffer overflow, related to sprintf, vlocalbuff4326, and setgetparam.cgi. NOTE: The vendor has disputed this as a vulnerability and states that the issue does not cause a web server crash or...
CVE-2018-14496
CVE-2018-14496 affects Vivotek FD8136 devices. The vulnerability is a stack-based buffer overflow in the web CGI endpoint “/set_getparam.cgi” related to the use of sprintf and a local buffer (vlocal_buff_4326), enabling remote memory corruption and remote code execution. Multiple sources corrobor...
CVE-2018-14495
Vivotek FD8136 devices allow Remote Command Injection, aka "another command injection vulnerability in our target device," a different issue than CVE-2018-14494. NOTE: The vendor has disputed this as a vulnerability and states that the issue does not cause a web server crash or have any other...