335 matches found
CVE-2018-14496
Vivotek FD8136 devices allow remote memory corruption and remote code execution because of a stack-based buffer overflow, related to sprintf, vlocalbuff4326, and setgetparam.cgi. NOTE: The vendor has disputed this as a vulnerability and states that the issue does not cause a web server crash or...
CVE-2018-14495
Vivotek FD8136 devices allow Remote Command Injection, aka "another command injection vulnerability in our target device," a different issue than CVE-2018-14494. NOTE: The vendor has disputed this as a vulnerability and states that the issue does not cause a web server crash or have any other...
CVE-2018-14495
Vivotek FD8136 devices allow Remote Command Injection, aka "another command injection vulnerability in our target device," a different issue than CVE-2018-14494. NOTE: The vendor has disputed this as a vulnerability and states that the issue does not cause a web server crash or have any other...
CVE-2018-14495
CVE-2018-14495 concerns Vivotek FD8136 devices with a reported Remote Command Injection vulnerability. Connected sources (Red Hat CVEs RH:CVE-2018-14494 and RH:CVE-2018-14495) describe a related issue and indicate vendor disputes, noting that the vulnerability is contested and may not affect curr...
CVE-2018-14494
Vivotek FD8136 devices allow Remote Command Injection, related to BusyBox and wget. NOTE: the vendor sent a clarification on 2019-09-17 explaining that, although this CVE was first populated in July 2019, it is a historical vulnerability that does not apply to any current or recent Vivotek hardwa...
CVE-2018-14494
Vivotek FD8136 devices allow Remote Command Injection, related to BusyBox and wget. NOTE: the vendor sent a clarification on 2019-09-17 explaining that, although this CVE was first populated in July 2019, it is a historical vulnerability that does not apply to any current or recent Vivotek hardwa...
Command injection
DISPUTED Vivotek FD8136 devices allow Remote Command Injection, related to BusyBox and wget. NOTE: the vendor sent a clarification on 2019-09-17 explaining that, although this CVE was first populated in July 2019, it is a historical vulnerability that does not apply to any current or recent Vivot...
CVE-2018-14494
CVE-2018-14494 concerns Vivotek FD8136 devices and is described as a Remote Command Injection in evidence related to BusyBox and wget. The connected Red Hat and other entries reiterate this as a vulnerability affecting the FD8136, but the Red Hat notes also classify it as historical and not appli...
CVE-2018-14494
Vivotek FD8136 devices allow Remote Command Injection, related to BusyBox and wget. NOTE: the vendor sent a clarification on 2019-09-17 explaining that, although this CVE was first populated in July 2019, it is a historical vulnerability that does not apply to any current or recent Vivotek hardwa...
PT-2019-9030 · Vivotek +2 · Vivotek Fd8136 +2
Name of the Vulnerable Software and Affected Versions: Vivotek FD8136 affected versions not specified Description: The issue allows for Remote Command Injection, related to BusyBox and wget. It is a historical vulnerability that does not apply to any current or recent Vivotek hardware or firmware...
PT-2019-9032 · Vivotek · Vivotek Fd8136
Name of the Vulnerable Software and Affected Versions: Vivotek FD8136 devices affected versions not specified Description: The issue is related to a stack-based buffer overflow, which can lead to remote memory corruption and remote code execution. This is connected to the use of sprintf, vlocal...
PT-2019-9031 · Vivotek · Vivotek Fd8136
Name of the Vulnerable Software and Affected Versions: Vivotek FD8136 devices affected versions not specified Description: The issue allows for Remote Command Injection. It is noted that this is a different issue from other known vulnerabilities. The vendor has disputed this as a vulnerability,...
Vivotek NVR Default Credentials (HTTP)
The remote installation of Vivotek NVR is using known default credentials for its web interface. Copyright C 2019 Greenbone Networks GmbH SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public...
Cross-site scripting vulnerability in VIVOTEK Network Camera series products (CNVD-2019-00683)
VIVOTEK Network Camera Series is a series of network camera products from China VIVOTEK. A cross-site scripting vulnerability exists in the eventscript.js file in the VIVOTEK Network Camera Series using firmware versions 0x06x to 0x08x. The vulnerability can be exploited by a remote attacker to...
VIVOTEK Network Camera Series Product Cross-Site Scripting Vulnerability
VIVOTEK Network Camera Series is a series of network camera products from China VIVOTEK. A cross-site scripting vulnerability exists in the syslog.html file of VIVOTEK Network Camera Series products using firmware versions 0x06x to 0x08x, which can be exploited by remote attackers to execute...
Vivotek NVR Detection
Detection of Vivotek SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.114060";...
CVE-2018-18004
Incorrect Access Control in modinetd.cgi in VIVOTEK Network Camera Series products with firmware before XXXXXX-VVTK-0X09a allows remote attackers to enable arbitrary system services via a URL parameter...
CVE-2018-18244
Cross-site scripting in syslog.html in VIVOTEK Network Camera Series products with firmware 0x06x to 0x08x allows remote attackers to execute arbitrary JavaScript code via an HTTP Referer Header...
CVE-2018-18005
Cross-site scripting in eventscript.js in VIVOTEK Network Camera Series products with firmware 0x06x to 0x08x allows remote attackers to execute arbitrary JavaScript via a URL query string parameter...
Improper access control
Incorrect Access Control in modinetd.cgi in VIVOTEK Network Camera Series products with firmware before XXXXXX-VVTK-0X09a allows remote attackers to enable arbitrary system services via a URL parameter...