Lucene search
+L

335 matches found

Vulnrichment
Vulnrichment
added 2026/01/13 3:12 p.m.4 views

CVE-2026-22755 Legacy Vivotek Camera Firmware Command Injection in upload_map.cgi

Improper Neutralization of Special Elements used in a Command 'Command Injection' vulnerability in Vivotek Affected device model numbers are FD8365, FD8365v2, FD9165, FD9171, FD9187, FD9189, FD9365, FD9371, FD9381, FD9387, FD9389, FD9391,FE9180,FE9181, FE9191, FE9381, FE9382, FE9391, FE9582,...

10CVSS5.3AI score0.21219EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/01/13 3:12 p.m.26 views

CVE-2026-22755 Legacy Vivotek Camera Firmware Command Injection in upload_map.cgi

Improper Neutralization of Special Elements used in a Command 'Command Injection' vulnerability in Vivotek Affected device model numbers are FD8365, FD8365v2, FD9165, FD9171, FD9187, FD9189, FD9365, FD9371, FD9381, FD9387, FD9389, FD9391,FE9180,FE9181, FE9191, FE9381, FE9382, FE9391, FE9582,...

10CVSS0.21219EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/01/13 12:0 a.m.7 views

Vivotek多款产品 安全漏洞

Vivotek FD8365 and others are a camera from China's VIVOTEK Communications Vivotek. A security vulnerability exists in several Vivotek products, which originates from command injection. The following products and versions are affected: FD8365, FD9165, FD9171, FD9187, FD9189, FD9365, FD9371, FD938...

10CVSS6AI score0.21219EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/01/13 12:0 a.m.12 views

PT-2026-2794

Name of the Vulnerable Software and Affected Versions Vivotek devices versions 0100a through 012502 Description The affected devices contain an Improper Neutralization of Special Elements used in a Command 'Command Injection' issue. This allows for potential OS Command Injection through the uploa...

10CVSS5.8AI score0.21219EPSS
Exploits1References9
RedhatCVE
RedhatCVE
added 2026/01/09 12:23 p.m.10 views

CVE-2018-14494

Vivotek FD8136 devices allow Remote Command Injection, related to BusyBox and wget. NOTE: the vendor sent a clarification on 2019-09-17 explaining that, although this CVE was first populated in July 2019, it is a historical vulnerability that does not apply to any current or recent Vivotek hardwa...

10CVSS6.7AI score0.03232EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 12:22 p.m.10 views

CVE-2018-14495

Vivotek FD8136 devices allow Remote Command Injection, aka "another command injection vulnerability in our target device," a different issue than CVE-2018-14494. NOTE: The vendor has disputed this as a vulnerability and states that the issue does not cause a web server crash or have any other...

10CVSS7.3AI score0.04412EPSS
Exploits1References1
OSV
OSV
added 2026/01/09 12:15 p.m.6 views

CVE-2025-66051

Vivotek IP7137 camera with firmware version 0200a is vulnerable to path traversal. It is possible for an authenticated attacker to access resources beyond webroot directory using a direct HTTP request. Due to CVE-2025-66050, a password for administration panel is not set by default. The vendor ha...

6.5CVSS5.7AI score0.0071EPSS
Exploits0References1
OSV
OSV
added 2026/01/09 12:15 p.m.5 views

CVE-2025-66050

Vivotek IP7137 camera with firmware version 0200a by default dos not require to provide any password when logging in as an administrator. While it is possible to set up such a password, a user is not informed about such a need. The vendor has not replied to the CNA. Possibly all firmware versions...

9.8CVSS5.7AI score0.00366EPSS
Exploits0References1
NVD
NVD
added 2026/01/09 12:15 p.m.8 views

CVE-2025-66051

Vivotek IP7137 camera with firmware version 0200a is vulnerable to path traversal. It is possible for an authenticated attacker to access resources beyond webroot directory using a direct HTTP request. Due to CVE-2025-66050, a password for administration panel is not set by default. The vendor ha...

6.9CVSS0.0071EPSS
Exploits0References1
NVD
NVD
added 2026/01/09 12:15 p.m.9 views

CVE-2025-66050

Vivotek IP7137 camera with firmware version 0200a by default dos not require to provide any password when logging in as an administrator. While it is possible to set up such a password, a user is not informed about such a need. The vendor has not replied to the CNA. Possibly all firmware versions...

9.8CVSS0.00334EPSS
Exploits0References1
OSV
OSV
added 2026/01/09 12:15 p.m.5 views

CVE-2025-66052

Vivotek IP7137 camera with firmware version 0200a is vulnerable to command injection. Parameter "systemntpIt" used by "/cgi-bin/admin/setparam.cgi" endpoint is not sanitized properly, allowing a user with administrative privileges to perform an attack. Due to CVE-2025-66050, administrative access...

7.2CVSS5.8AI score0.01329EPSS
Exploits0References1
OSV
OSV
added 2026/01/09 12:15 p.m.5 views

CVE-2025-66049

Vivotek IP7137 camera with firmware version 0200a is vulnerable to an information disclosure issue where live camera footage can be accessed through the RTSP protocol on port 8554 without requiring authentication. This allows unauthorized users with network access to view the camera's feed,...

7.5CVSS5.8AI score0.00366EPSS
Exploits0References1
NVD
NVD
added 2026/01/09 12:15 p.m.18 views

CVE-2025-66049

Vivotek IP7137 camera with firmware version 0200a is vulnerable to an information disclosure issue where live camera footage can be accessed through the RTSP protocol on port 8554 without requiring authentication. This allows unauthorized users with network access to view the camera's feed,...

8.7CVSS0.00366EPSS
Exploits0References1
NVD
NVD
added 2026/01/09 12:15 p.m.6 views

CVE-2025-66052

Vivotek IP7137 camera with firmware version 0200a is vulnerable to command injection. Parameter "systemntpIt" used by "/cgi-bin/admin/setparam.cgi" endpoint is not sanitized properly, allowing a user with administrative privileges to perform an attack. Due to CVE-2025-66050, administrative access...

8.6CVSS0.01329EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/01/09 11:54 a.m.33 views

CVE-2025-66052 Command injection in Vivotek IP7137 cameras

Vivotek IP7137 camera with firmware version 0200a is vulnerable to command injection. Parameter "systemntpIt" used by "/cgi-bin/admin/setparam.cgi" endpoint is not sanitized properly, allowing a user with administrative privileges to perform an attack. Due to CVE-2025-66050, administrative access...

8.6CVSS0.01329EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/01/09 11:54 a.m.4 views

CVE-2025-66052 Command injection in Vivotek IP7137 cameras

Vivotek IP7137 camera with firmware version 0200a is vulnerable to command injection. Parameter "systemntpIt" used by "/cgi-bin/admin/setparam.cgi" endpoint is not sanitized properly, allowing a user with administrative privileges to perform an attack. Due to CVE-2025-66050, administrative access...

8.6CVSS6.6AI score0.01329EPSS
Exploits0References1
CVE
CVE
added 2026/01/09 11:54 a.m.30 views

CVE-2025-66052

The CVE-2025-66052 entry concerns the Vivotek IP7137 camera with firmware 0200a. The vulnerability is a command injection in /cgi-bin/admin/setparam.cgi via the non-sanitized system_ntpIt parameter, exploitable by a user with administrative privileges. The issue is compounded by CVE-2025-66050, w...

8.6CVSS6.6AI score0.01329EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/01/09 11:54 a.m.28 views

CVE-2025-66051 Path traversal in Vivotek IP7137 cameras

Vivotek IP7137 camera with firmware version 0200a is vulnerable to path traversal. It is possible for an authenticated attacker to access resources beyond webroot directory using a direct HTTP request. Due to CVE-2025-66050, a password for administration panel is not set by default. The vendor ha...

6.9CVSS0.0071EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/01/09 11:54 a.m.5 views

CVE-2025-66051 Path traversal in Vivotek IP7137 cameras

Vivotek IP7137 camera with firmware version 0200a is vulnerable to path traversal. It is possible for an authenticated attacker to access resources beyond webroot directory using a direct HTTP request. Due to CVE-2025-66050, a password for administration panel is not set by default. The vendor ha...

6.9CVSS6.4AI score0.0071EPSS
Exploits0References1
CVE
CVE
added 2026/01/09 11:54 a.m.18 views

CVE-2025-66051

CVE-2025-66051 affects the Vivotek IP7137 camera running firmware 0200a. A path traversal flaw allows an authenticated attacker to access resources outside the webroot via a direct HTTP request. The issue is linked to end-of-life status of the product and there is no expected fix. The vulnerabili...

6.9CVSS6.4AI score0.0071EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder