14 matches found
EUVD-2018-9743
Malware in sbrugna...
EUVD-2018-9980
Malware in sbrugna...
CVE-2017-9829
'/cgi-bin/admin/downloadMedias.cgi' of the web service in most of the VIVOTEK Network Cameras is vulnerable, which allows remote attackers to read any file on the camera's Linux filesystem via a crafted HTTP request containing ".." sequences. This vulnerability is already verified on VIVOTEK...
CVE-2024-26548
An issue in vivotek Network Camera v.FD8166A-VVTK-0204j allows a remote attacker to execute arbitrary code via a crafted payload to the uploadfile.cgi component...
CVE-2024-26548
The CVE-2024-26548 affects the vivotek Network Camera v.FD8166A-VVTK-0204j. A remote attacker can achieve arbitrary code execution by sending a crafted payload to the upload_file.cgi component. Documented impact is high (CVSS 3.1: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, base 9.8). The root cause is ...
PT-2024-21419 · Vivotek · Vivotek Network Cameras
Name of the Vulnerable Software and Affected Versions: vivotek Network Camera version v.FD8166A-VVTK-0204j Description: An issue in the vivotek Network Camera allows a remote attacker to execute arbitrary code via a crafted payload to the "upload file.cgi" component. Recommendations: For version...
CVE-2024-26548
An issue in vivotek Network Camera v.FD8166A-VVTK-0204j allows a remote attacker to execute arbitrary code via a crafted payload to the uploadfile.cgi component...
CVE-2020-11950
CVE-2020-11950 affects VIVOTEK Network Cameras prior to XXXXX-VVTK-2.2002.xx.01x and prior to XXXXX-VVTK-0XXXX_Beta2, where an authenticated user can upload and execute a script, resulting in OS command execution (example affected device: IT9388-HT).
Cross-site scripting vulnerability in VIVOTEK Network Camera series products (CNVD-2019-00683)
VIVOTEK Network Camera Series is a series of network camera products from China VIVOTEK. A cross-site scripting vulnerability exists in the eventscript.js file in the VIVOTEK Network Camera Series using firmware versions 0x06x to 0x08x. The vulnerability can be exploited by a remote attacker to...
CVE-2018-18244
Cross-site scripting in syslog.html in VIVOTEK Network Camera Series products with firmware 0x06x to 0x08x allows remote attackers to execute arbitrary JavaScript code via an HTTP Referer Header...
CVE-2018-18004
CVE-2018-18004 affects VIVOTEK Network Camera Series via mod_inetd.cgi in firmware before XXXXXX-VVTK-0X09a. Root cause: incorrect access control that permits remote attackers to trigger arbitrary system services through a URL parameter. Impact: potential partial integrity impact by enabling unin...
CVE-2018-18005
Cross-site scripting in eventscript.js in VIVOTEK Network Camera Series products with firmware 0x06x to 0x08x allows remote attackers to execute arbitrary JavaScript via a URL query string parameter...
CVE-2017-9828
'/cgi-bin/admin/testserver.cgi' of the web service in most of the VIVOTEK Network Cameras is vulnerable to shell command injection, which allows remote attackers to execute any shell command as root via a crafted HTTP request. This vulnerability is already verified on VIVOTEK Network Camera...
CVE-2017-9829
'/cgi-bin/admin/downloadMedias.cgi' of the web service in most of the VIVOTEK Network Cameras is vulnerable, which allows remote attackers to read any file on the camera's Linux filesystem via a crafted HTTP request containing ".." sequences. This vulnerability is already verified on VIVOTEK...