19 matches found
EUVD-2026-33967
A post-authentication remote buffer overflow vulnerability exists in the /cgi-bin/admin/eventtask.cgi endpoint of the admin interface of Vivotek FD8136 cameras running firmware version FD8136-VVTK-0300a. This flaw allows an authenticated attacker to execute arbitrary code as root on the device...
PT-2026-45771
A post-authentication remote buffer overflow vulnerability exists in the /cgi-bin/admin/eventtask.cgi endpoint of the admin interface of Vivotek FD8136 cameras running firmware version FD8136-VVTK-0300a. This flaw allows an authenticated attacker to execute arbitrary code as root on the device...
CVE-2026-30650
Vivotek FD8136 cameras (firmware FD8136-VVTK-0300a) expose a post-authentication remote buffer overflow in the /cgi-bin/admin/eventtask.cgi endpoint. An authenticated attacker can remotely execute arbitrary code with root privileges. The issue is characterized by CVE-2026-30650 with a high impact...
📄 Vivotek Camera Firmware OS 0125c Command Injection
Vivotek Camera Firmware OS versions 0100a through 0125c suffer from a command injection vulnerability. The issue resides in the CGI binary uploadmap.cgi, which operates under the Boa Webserver environment. The vulnerability occurs because the application improperly processes the POSTFILENAME...
Vivotek多款产品 安全漏洞
Vivotek FD8365 and others are a camera from China's VIVOTEK Communications Vivotek. A security vulnerability exists in several Vivotek products, which originates from command injection. The following products and versions are affected: FD8365, FD9165, FD9171, FD9187, FD9189, FD9365, FD9371, FD938...
Exploit for CVE-2019-19936
This exploit is based off of this blog post by Larry Cashdollar...
EUVD-2018-9744
Malware in sbrugna...
EUVD-2020-4286
Malware in sbrugna...
CVE-2020-11950
VIVOTEK Network Cameras before XXXXX-VVTK-2.2002.xx.01x and before XXXXX-VVTK-0XXXXBeta2 allows an authenticated user to upload and execute a script with resultant execution of OS commands. For example, this affects IT9388-HT devices...
CVE-2020-11949
testserver.cgi of the web service on VIVOTEK Network Cameras before XXXXX-VVTK-2.2002.xx.01x and before XXXXX-VVTK-0XXXXBeta2 allows an authenticated user to obtain arbitrary files from a camera's local filesystem. For example, this affects IT9388-HT devices...
VIVOTEK Network Camera Series Product Cross-Site Scripting Vulnerability
VIVOTEK Network Camera Series is a series of network camera products from China VIVOTEK. A cross-site scripting vulnerability exists in the syslog.html file of VIVOTEK Network Camera Series products using firmware versions 0x06x to 0x08x, which can be exploited by remote attackers to execute...
CVE-2018-18244
The CVE-2018-18244 entry corresponds to a cross-site scripting vulnerability in VIVOTEK Network Camera Series. The affected component is the syslog.html page, exploitable on firmware versions 0x06x to 0x08x. An attacker can remotely inject and execute arbitrary JavaScript in the context of a user...
Vivotek IP Cameras Remote Stack Overflow
STX Subject: Vivotek IP Cameras - Remote Stack Overflow Researcher: bashis September-October 2017 PoC: https://github.com/mcw0/PoC Release date: November 13, 2017 Full Disclosure: 43 days Attack Vector: Remote Authentication: Anonymous no credentials needed Firmware Vulnerable: Only 2017 versions...
Vulnerabilities in VIVOTEK Network Cameras IB8369, FD8164 and FD816BA
VIVOTEK Network Cameras IB8369, FD8164 and FD816BA are network camera products from VIVOTEK, China. A security vulnerability exists in the /cgi-bin/admin/testserver.cgi file of the Web services in VIVOTEK Network Cameras IB8369, FD8164 and FD816BA. The vulnerability can be exploited to execute...
VIVOTEK Network Cameras IB8369, FD8164 and FD816BA Arbitrary File Read Vulnerabilities
VIVOTEK Network Cameras IB8369, FD8164 and FD816BA are network camera products from VIVOTEK, China. A security vulnerability exists in the /cgi-bin/admin/downloadMedias.cgi file of the web server in VIVOTEK Network Cameras IB8369, FD8164 and FD816BA. An attacker can exploit this vulnerability by...
CVE-2017-9829
'/cgi-bin/admin/downloadMedias.cgi' of the web service in most of the VIVOTEK Network Cameras is vulnerable, which allows remote attackers to read any file on the camera's Linux filesystem via a crafted HTTP request containing ".." sequences. This vulnerability is already verified on VIVOTEK...
Vivotek Cameras Sensitive Information Disclosure
No description provided by source. Exploit Title: Vivotek Full Data Source CONFIG Date: 09/07/12 Author: Alejandro Leon Morales GothicX Author Mail: Gothicxatfreaknetworkdotin Author Web: www.undermx.blogspot.mx Sofware web: www.vivotek.com Vulnerable version: all Tested on: Microsoft windows 7 /...
Vivotek Cameras Sensitive Information Disclosure
Exploit for hardware platform in category web applications Exploit Title: Vivotek Full Data Source CONFIG Date: 09/07/12 Author: Alejandro Leon Morales GothicX Author Mail: Gothicxatfreaknetworkdotin Author Web: www.undermx.blogspot.mx Sofware web: www.vivotek.com Vulnerable version: all Tested o...
Vivotek Cameras Data Configuration Disclosure
Exploit Title: Vivotek Full Data Source CONFIG Date: 09/07/12 Author: Alejandro Leon Morales GothicX Author Mail: Gothicxatfreaknetworkdotin Author Web: www.undermx.blogspot.mx Sofware web: www.vivotek.com Vulnerable version: all Tested on: Microsoft windows 7 / Vista / XP/ MacOS Dork:...