Lucene search
+L

335 matches found

ptsecurity
ptsecurity
added 2026/06/02 12:0 a.m.24 views

PT-2026-45751

A stack-based buffer overflow in the export language.cgi binary in VIVOTEK FD8136 firmware FD8136-VVTK-0300a allows authenticated remote attackers to execute arbitrary code as root via a crafted POST request to the /cgi-bin/admin/export language.cgi endpoint. The handler passes the...

6.5AI score0.00261EPSS
Exploits0References3
cnnvd
cnnvd
added 2026/06/02 12:0 a.m.10 views

Vivotek FD8136 安全漏洞

Vivotek FD8136 is a hemispherical network camera produced by the Chinese company Vivotek. The Vivotek FD8136 FD8136-VVTK-0300a version contains a security vulnerability. This vulnerability stems from a stack buffer overflow in the exportlanguage.cgi binary file. The Content-Length value is direct...

6.3CVSS6.4AI score0.00261EPSS
Exploits0References3
cve
cve
added 2026/06/02 12:0 a.m.23 views

CVE-2026-30650

Vivotek FD8136 cameras (firmware FD8136-VVTK-0300a) expose a post-authentication remote buffer overflow in the /cgi-bin/admin/eventtask.cgi endpoint. An authenticated attacker can remotely execute arbitrary code with root privileges. The issue is characterized by CVE-2026-30650 with a high impact...

8.8CVSS6.4AI score0.00599EPSS
Exploits0References1Affected Software1
cve
cve
added 2026/06/02 12:0 a.m.26 views

CVE-2026-35717

CVE-2026-35717 affects VIVOTEK FD8136 firmware FD8136-VVTK-0300a, specifically the export_language.cgi endpoint. The vulnerability is a stack-based buffer overflow where the handler passes the attacker-controlled Content-Length value directly to fread() as the read size into a fixed-size 0x60-byt...

6.3CVSS6.5AI score0.00261EPSS
Exploits0References1Affected Software1
cve
cve
added 2026/06/02 12:0 a.m.20 views

CVE-2026-30652

Affected product: Vivotek FD8136 cameras running firmware FD8136-VVTK-0300a. Vulnerable component: admin interface endpoint /cgi-bin/dido/setdo.cgi. Root cause: remote buffer overflow allowing an authenticated attacker to execute arbitrary code as root. Impact: high (remote code execution). Explo...

8.8CVSS6.4AI score0.00523EPSS
Exploits0References1Affected Software1
ptsecurity
ptsecurity
added 2026/06/02 12:0 a.m.26 views

PT-2026-45770

Name of the Vulnerable Software and Affected Versions VIVOTEK INC FD8136-VVTK-0300a affected versions not specified Description A buffer overflow allows a remote attacker to execute arbitrary code via the 'set getparam.cgi' component. A buffer overflow occurs when a program writes more data to a...

7.3CVSS6.4AI score0.00377EPSS
Exploits0References4
cvelist
cvelist
added 2026/06/02 12:0 a.m.49 views

CVE-2026-30650

A post-authentication remote buffer overflow vulnerability exists in the /cgi-bin/admin/eventtask.cgi endpoint of the admin interface of Vivotek FD8136 cameras running firmware version FD8136-VVTK-0300a. This flaw allows an authenticated attacker to execute arbitrary code as root on the device...

0.00599EPSS
Exploits0References1
cvelist
cvelist
added 2026/06/02 12:0 a.m.47 views

CVE-2026-35716

A stack-based buffer overflow in the motionprivacy.cgi binary in VIVOTEK FD8136 firmware FD8136-VVTK-0300a allows authenticated remote attackers to execute arbitrary code as root via an oversized n1 parameter in a POST request to the /cgi-bin/admin/setpm.cgi, /cgi-bin/admin/setmd.cgi, or...

0.00322EPSS
Exploits0References1
cvelist
cvelist
added 2026/06/02 12:0 a.m.43 views

CVE-2026-35718

A path traversal vulnerability in the /admin/downloadMedias.cgi endpoint of VIVOTEK INC FD8136-VVTK firmware 0300a allows authenticated attackers to read any file on the device via sending a crafted request...

0.00723EPSS
Exploits0References1
cvelist
cvelist
added 2026/06/02 12:0 a.m.44 views

CVE-2026-30649

Buffer Overflow vulnerability in VIVOTEK INC FD8136-VVTK-0300a allows a remote attacker to execute arbitrary code via the setgetparam.cgi component...

0.00377EPSS
Exploits0References1
cvelist
cvelist
added 2026/06/02 12:0 a.m.45 views

CVE-2026-30652

A remote buffer overflow vulnerability exists in the /cgi-bin/dido/setdo.cgi endpoint of the admin interface of Vivotek FD8136 cameras running firmware version FD8136-VVTK-0300a. This flaw allows an authenticated attacker to execute arbitrary code as root on the device...

0.00523EPSS
Exploits0References1
packetstorm
packetstorm
added 2026/03/10 12:0 a.m.179 views

📄 Vivotek Camera Firmware OS 0125c Command Injection

Vivotek Camera Firmware OS versions 0100a through 0125c suffer from a command injection vulnerability. The issue resides in the CGI binary uploadmap.cgi, which operates under the Boa Webserver environment. The vulnerability occurs because the application improperly processes the POSTFILENAME...

10CVSS6AI score0.21219EPSS
Exploits1
akamaiblog
akamaiblog
added 2026/01/20 7:0 a.m.3 views

Command Injection in Vivotek Legacy Firmware: What You Need to Know

...

5.4AI score
Exploits0
redhatcve
redhatcve
added 2026/01/13 10:52 p.m.5 views

CVE-2025-66051

Vivotek IP7137 camera with firmware version 0200a is vulnerable to path traversal. It is possible for an authenticated attacker to access resources beyond webroot directory using a direct HTTP request. Due to CVE-2025-66050, a password for administration panel is not set by default. The vendor ha...

9.8CVSS6.8AI score0.0071EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/01/13 10:52 p.m.5 views

CVE-2025-66049

Vivotek IP7137 camera with firmware version 0200a is vulnerable to an information disclosure issue where live camera footage can be accessed through the RTSP protocol on port 8554 without requiring authentication. This allows unauthorized users with network access to view the camera's feed,...

8.7CVSS6.2AI score0.00366EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/01/13 10:52 p.m.9 views

CVE-2025-66052

Vivotek IP7137 camera with firmware version 0200a is vulnerable to command injection. Parameter "systemntpIt" used by "/cgi-bin/admin/setparam.cgi" endpoint is not sanitized properly, allowing a user with administrative privileges to perform an attack. Due to CVE-2025-66050, administrative access...

9.8CVSS7AI score0.01329EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/01/13 10:52 p.m.5 views

CVE-2025-66050

Vivotek IP7137 camera with firmware version 0200a by default dos not require to provide any password when logging in as an administrator. While it is possible to set up such a password, a user is not informed about such a need. The vendor has not replied to the CNA. Possibly all firmware versions...

9.8CVSS6.9AI score0.00334EPSS
Exploits0References1
nvd
nvd
added 2026/01/13 3:16 p.m.12 views

CVE-2026-22755

Improper Neutralization of Special Elements used in a Command 'Command Injection' vulnerability in Vivotek Affected device model numbers are FD8365, FD8365v2, FD9165, FD9171, FD9187, FD9189, FD9365, FD9371, FD9381, FD9387, FD9389, FD9391,FE9180,FE9181, FE9191, FE9381, FE9382, FE9391, FE9582,...

10CVSS0.21219EPSS
Exploits1References2
euvd
euvd
added 2026/01/13 3:12 p.m.10 views

EUVD-2026-2345

Improper Neutralization of Special Elements used in a Command 'Command Injection' vulnerability in Vivotek Affected device model numbers are FD8365, FD8365v2, FD9165, FD9171, FD9187, FD9189, FD9365, FD9371, FD9381, FD9387, FD9389, FD9391,FE9180,FE9181, FE9191, FE9381, FE9382, FE9391, FE9582,...

10CVSS6.5AI score0.21219EPSS
Exploits1References2
vulnrichment
vulnrichment
added 2026/01/13 3:12 p.m.4 views

CVE-2026-22755 Legacy Vivotek Camera Firmware Command Injection in upload_map.cgi

Improper Neutralization of Special Elements used in a Command 'Command Injection' vulnerability in Vivotek Affected device model numbers are FD8365, FD8365v2, FD9165, FD9171, FD9187, FD9189, FD9365, FD9371, FD9381, FD9387, FD9389, FD9391,FE9180,FE9181, FE9191, FE9381, FE9382, FE9391, FE9582,...

10CVSS5.3AI score0.21219EPSS
Exploits1References2
Rows per page
Query Builder