CVE-2019-10256

CVE-2019-10256 concerns an authentication bypass in VIVOTEK IPCam devices. Affected product: VIVOTEK IPCam versions prior to 0x13a. The CVSS metrics indicate high impact (C/H/I/A all High in CVSS3.1; overall base score 9.8). Connected sources corroborate the authentication bypass issue across mul...

CVE-2019-14457

Vulnerability CVE-2019-14457 affects VIVOTEK IP Camera devices running firmware prior to 0x20x. The flaw is a stack-based buffer overflow triggered by a crafted HTTP header, potentially allowing arbitrary code execution. NVD metrics show a high/critical impact with network access and no user inte...

CVE-2018-14770

VIVOTEK FD8177 network cameras are affected by CVE-2018-14770 via the ONVIF interface, specifically the /onvif/device_service endpoint. The root cause is described as a command injection vulnerability that can allow remote attackers to execute arbitrary code. The issue affects FD8177 devices prio...

CVE-2018-14771

CVE-2018-14771 affects VIVOTEK FD8177 network cameras prior to XXXXXX-VVTK-xx06a. The issue is a command-injection vulnerability in eventscript.cgi that enables remote code execution. CVSS v3 base score 8.8 (High) with network access, low attack complexity, and no user interaction; impacts confid...

CVE-2018-18004

CVE-2018-18004 affects VIVOTEK Network Camera Series via mod_inetd.cgi in firmware before XXXXXX-VVTK-0X09a. Root cause: incorrect access control that permits remote attackers to trigger arbitrary system services through a URL parameter. Impact: potential partial integrity impact by enabling unin...

CVE-2019-14458

CVE-2019-14458 affects VIVOTEK IP Camera devices with firmware before 0x20x. The vulnerability allows a denial-of-service triggered by a crafted HTTP header. Exploit details, affected models/versions beyond the firmware threshold, and concrete remediation are not provided in the connected documen...

CVE-2018-14768

Mode C: CVE-2018-14768 concerns VIVOTEK network cameras with firmware versions lower than XXXXXX-VVTK-0X06a, where an authenticated attacker can exploit a command-injection vulnerability via update_lens.cgi to execute arbitrary commands. Affected products include FD8*, FD9*, FE9*, IB8*, IB9*, IP9...

CVE-2018-18005

Summary: CVE-2018-18005 affects VIVOTEK Network Camera Series devices. The vulnerability is a cross-site scripting (XSS) flaw in the JavaScript file event_script.js, exploitable on firmware versions 0x06x to 0x08x. A remote attacker can cause arbitrary JavaScript execution by supplying a crafted ...

CVE-2018-14769

CVE-2018-14769 affects VIVOTEK FD8177 devices prior to the firmware version XXXXXX-VVTK-xx06a, where a CSRF vulnerability exists. The NVD entry shows a CVSS-3 base score of 8.8 (HIGH) with network attack vector, low attack complexity, no privileges required, and user interaction required; impact ...

CVE-2018-18244

The CVE-2018-18244 entry corresponds to a cross-site scripting vulnerability in VIVOTEK Network Camera Series. The affected component is the syslog.html page, exploitable on firmware versions 0x06x to 0x08x. An attacker can remotely inject and execute arbitrary JavaScript in the context of a user...