CVE-2026-30652

A remote buffer overflow vulnerability exists in the /cgi-bin/dido/setdo.cgi endpoint of the admin interface of Vivotek FD8136 cameras running firmware version FD8136-VVTK-0300a. This flaw allows an authenticated attacker to execute arbitrary code as root on the device...

CVE-2026-30652

Affected product: Vivotek FD8136 cameras running firmware FD8136-VVTK-0300a. Vulnerable component: admin interface endpoint /cgi-bin/dido/setdo.cgi. Root cause: remote buffer overflow allowing an authenticated attacker to execute arbitrary code as root. Impact: high (remote code execution). Explo...

CVE-2025-66050

Vivotek IP7137 camera with firmware version 0200a by default dos not require to provide any password when logging in as an administrator. While it is possible to set up such a password, a user is not informed about such a need. The vendor has not replied to the CNA. Possibly all firmware versions...

CVE-2025-66051 Path traversal in Vivotek IP7137 cameras

Vivotek IP7137 camera with firmware version 0200a is vulnerable to path traversal. It is possible for an authenticated attacker to access resources beyond webroot directory using a direct HTTP request. Due to CVE-2025-66050, a password for administration panel is not set by default. The vendor ha...

Vivotek IP7137 路径遍历漏洞

The Vivotek IP7137 is an IP camera from China's Vivotek Communications Vivotek. A path traversal vulnerability exists in the Vivotek IP7137 version 0200a, which can be exploited by an authenticated attacker to access resources outside of the web root directory via a direct HTTP request, potential...

Vivotek Camera 安全漏洞

Vivotek Camera is a webcam from China VIVOTEK Communications Vivotek. A security vulnerability exists in Vivotek Camera that stems from the firmware using default credentials to log into the root and user accounts...

EUVD-2024-23813

Malicious code in bioql PyPI...

PT-2024-38350 · Vivotek · Vivotek Cc8160

Name of the Vulnerable Software and Affected Versions: Vivotek CC8160 VVTK-0100d affected versions not specified Description: A critical vulnerability affects the function getenv of the file upload file.cgi. The manipulation of the argument QUERY STRING leads to command injection. It is possible ...

CVE-2024-26548

An issue in vivotek Network Camera v.FD8166A-VVTK-0204j allows a remote attacker to execute arbitrary code via a crafted payload to the uploadfile.cgi component...

Vivotek VIVOTEK IP Camera 操作系统命令注入漏洞

Vivotek VIVOTEK IP Camera is an IP camera from Vivotek, Taiwan, China. The IP camera device suffers from an operating system command injection vulnerability, which originates from the NTP Server configuration not being verified with special parameters. This vulnerability can be exploited by a...

Vivotek FD8136 Command Injection Vulnerability

Vivotek FD8136 is a hemispherical network camera from Vivotek, Taiwan, China. A command injection vulnerability exists in the Vivotek FD8136, which can be exploited by an attacker to execute an illegal command if a network system or product fails to properly filter specific elements of externally...