Vivotek Security Vulnerabilities


CVE-2018-14494

Vivotek FD8136 devices allow Remote Command Injection, related to BusyBox and wget. NOTE: the vendor sent a clarification on 2019-09-17 explaining that, although this CVE was first populated in July 2019, it is a historical vulnerability that does not apply to any current or recent Vivotek...

CVSS: 9.8 | AI Score: 9.5 | EPSS: 0.003

2019-07-10 01:15 PM
23

CVE-2018-14496

Vivotek FD8136 devices allow remote memory corruption and remote code execution because of a stack-based buffer overflow, related to sprintf, vlocal_buff_4326, and set_getparam.cgi. NOTE: The vendor has disputed this as a vulnerability and states that the issue does not cause a web server crash or....

CVSS: 9.8 | AI Score: 9.9 | EPSS: 0.092

2019-07-10 02:15 PM
21

CVE-2018-14495

Vivotek FD8136 devices allow Remote Command Injection, aka "another command injection vulnerability in our target device," a different issue than CVE-2018-14494. NOTE: The vendor has disputed this as a vulnerability and states that the issue does not cause a web server crash or have any other...

CVSS: 9.8 | AI Score: 9.8 | EPSS: 0.081

2019-07-10 02:15 PM
31

CVE-2017-9828

'/cgi-bin/admin/testserver.cgi' of the web service in most of the VIVOTEK Network Cameras is vulnerable to shell command injection, which allows remote attackers to execute any shell command as root via a crafted HTTP request. This vulnerability is already verified on VIVOTEK Network Camera...

CVSS: 9.8 | AI Score: 9.4 | EPSS: 0.006

2022-10-03 04:23 PM
40

CVE-2017-9829

'/cgi-bin/admin/downloadMedias.cgi' of the web service in most of the VIVOTEK Network Cameras is vulnerable, which allows remote attackers to read any file on the camera's Linux filesystem via a crafted HTTP request containing ".." sequences. This vulnerability is already verified on VIVOTEK...

CVSS: 7.5 | AI Score: 7.3 | EPSS: 0.019

2022-10-03 04:23 PM
34

CVE-2020-11950

VIVOTEK Network Cameras before XXXXX-VVTK-2.2002.xx.01x (and before XXXXX-VVTK-0XXXX_Beta2) allows an authenticated user to upload and execute a script (with resultant execution of OS commands). For example, this affects IT9388-HT...

CVSS: 8.8 | AI Score: 8.6 | EPSS: 0.001

2020-05-28 01:15 PM
112

CVE-2020-11949

testserver.cgi of the web service on VIVOTEK Network Cameras before XXXXX-VVTK-2.2002.xx.01x (and before XXXXX-VVTK-0XXXX_Beta2) allows an authenticated user to obtain arbitrary files from a camera's local filesystem. For example, this affects IT9388-HT...

CVSS: 6.5 | AI Score: 6.3 | EPSS: 0.001

2020-05-28 01:15 PM
116

CVE-2013-1597

A Directory Traversal vulnerability exists in Vivotek PT7135 IP Cameras 0300a and 0400a via a specially crafted GET request, which could let a malicious user obtain user...

CVSS: 6.5 | AI Score: 7.5 | EPSS: 0.014

2020-01-24 07:15 PM
55

CVE-2013-1598

A Command Injection vulnerability exists in Vivotek PT7135 IP Cameras 0300a and 0400a via the system.ntp parameter to the farseer.out binary file, which could let a malicious user execute arbitrary...

CVSS: 8.8 | AI Score: 9.4 | EPSS: 0.029

2020-01-24 07:15 PM
36

CVE-2013-1596

An Authentication Bypass Vulnerability exists in Vivotek PT7135 IP Camera 0300a and 0400a via specially crafted RTSP packets to TCP port...

CVSS: 5.3 | AI Score: 7 | EPSS: 0.172

2020-01-24 06:15 PM
30

CVE-2013-1595

A Buffer Overflow vulnerability exists in Vivotek PT7135 IP Camera 0300a and 0400a via a specially crafted packet in the Authorization header field sent to the RTSP service, which could let a remote malicious user execute arbitrary code or cause a Denial of...

CVSS: 9.8 | AI Score: 9.3 | EPSS: 0.077

2020-01-24 06:15 PM
31

CVE-2013-1594

An Information Disclosure vulnerability exists via a GET request in Vivotek PT7135 IP Camera 0300a and 0400a due to wireless keys and 3rd party credentials stored in clear...

CVSS: 7.5 | AI Score: 8.1 | EPSS: 0.033

2020-01-24 05:15 PM
36

CVE-2013-4985

Multiple Vivotek IP Cameras remote authentication bypass that could allow access to the video...

CVSS: 7.5 | AI Score: 7.6 | EPSS: 0.129

2019-12-27 05:15 PM
115

CVE-2019-14458

VIVOTEK IP Camera devices with firmware before 0x20x allow a denial of service via a crafted HTTP...

CVSS: 7.5 | AI Score: 7.4 | EPSS: 0.002

2019-09-18 06:15 PM
21

CVE-2019-10256

An authentication bypass vulnerability in VIVOTEK IPCam versions prior to 0x13a was...

CVSS: 9.8 | AI Score: 9.4 | EPSS: 0.002

2019-09-10 07:15 PM
81

CVE-2019-14457

VIVOTEK IP Camera devices with firmware before 0x20x have a stack-based buffer overflow via a crafted HTTP...

CVSS: 9.8 | AI Score: 9.5 | EPSS: 0.004

2019-09-10 06:15 PM
66

CVE-2018-18004

Incorrect Access Control in mod_inetd.cgi in VIVOTEK Network Camera Series products with firmware before XXXXXX-VVTK-0X09a allows remote attackers to enable arbitrary system services via a URL...

CVSS: 5.3 | AI Score: 5.4 | EPSS: 0.002

2019-01-03 08:29 PM
25

CVE-2018-18005

Cross-site scripting in event_script.js in VIVOTEK Network Camera Series products with firmware 0x06x to 0x08x allows remote attackers to execute arbitrary JavaScript via a URL query string...

CVSS: 6.1 | AI Score: 6.4 | EPSS: 0.002

2019-01-03 08:29 PM
21

CVE-2018-18244

Cross-site scripting in syslog.html in VIVOTEK Network Camera Series products with firmware 0x06x to 0x08x allows remote attackers to execute arbitrary JavaScript code via an HTTP Referer...

CVSS: 6.1 | AI Score: 6.5 | EPSS: 0.002

2019-01-03 08:29 PM
16

CVE-2018-14771

VIVOTEK FD8177 devices before XXXXXX-VVTK-xx06a allow remote attackers to execute arbitrary code (issue 2 of 2) via...

CVSS: 8.8 | AI Score: 9 | EPSS: 0.092

2018-09-05 09:29 PM
22

CVE-2018-14769

VIVOTEK FD8177 devices before XXXXXX-VVTK-xx06a allow...

CVSS: 8.8 | AI Score: 8.7 | EPSS: 0.001

2018-09-05 09:29 PM
22

CVE-2018-14770

VIVOTEK FD8177 devices before XXXXXX-VVTK-xx06a allow remote attackers to execute arbitrary code (issue 1 of 2) via the ONVIF interface,...

CVSS: 8.8 | AI Score: 9 | EPSS: 0.092

2018-09-05 09:29 PM
23

CVE-2018-14768

Various VIVOTEK FD8, FD9, FE9, IB8, IB9, IP9, IZ9, MS9, SD9*, and other devices before XXXXXX-VVTK-xx06a allow remote attackers to execute arbitrary...

CVSS: 8.8 | AI Score: 9 | EPSS: 0.005

2018-08-29 07:29 PM
22

CVE-2008-4771

Stack-based buffer overflow in VATDecoder.VatCtrl.1 ActiveX control in (1) 4xem VatCtrl Class (VATDecoder.dll 1.0.0.27 and 1.0.0.51), (2) D-Link MPEG4 SHM Audio Control (VAPGDecoder.dll 1.7.0.5), (3) Vivotek RTSP MPEG4 SP Control (RtspVapgDecoderNew.dll 2.0.0.39), and possibly other products,...

AI Score: 8.2 | EPSS: 0.266

2008-10-28 07:20 PM
22

CVE-2007-3167

Stack-based buffer overflow in the Vivotek Motion Jpeg ActiveX control (aka MjpegControl) in MjpegDecoder.dll 2.0.0.13 allows remote attackers to execute arbitrary code via a long PtzUrl property...

AI Score: 8.1 | EPSS: 0.061

2007-06-11 10:30 PM
22