4 matches found
CVE-2025-66049
Affected product: Vivotek IP7137 camera with firmware 0200a. Vulnerabilities: (1) information disclosure via RTSP on port 8554 without authentication, exposing live feed; (2) command injection via /cgi-bin/admin/setparam.cgi with parameter system_ntpIt, exploitable by an admin user; (3) path trav...
CVE-2025-66052
The CVE-2025-66052 entry concerns the Vivotek IP7137 camera with firmware 0200a. The vulnerability is a command injection in /cgi-bin/admin/setparam.cgi via the non-sanitized system_ntpIt parameter, exploitable by a user with administrative privileges. The issue is compounded by CVE-2025-66050, w...
CVE-2025-66051
CVE-2025-66051 affects the Vivotek IP7137 camera running firmware 0200a. A path traversal flaw allows an authenticated attacker to access resources outside the webroot via a direct HTTP request. The issue is linked to end-of-life status of the product and there is no expected fix. The vulnerabili...
CVE-2025-66050
CVE-2025-66050 (Vivotek IP7137, firmware 0200a) is linked to multiple issues: path traversal (CVE-2025-66051), information disclosure via RTSP without authentication (CVE-2025-66049), and command injection through /cgi-bin/admin/setparam.cgi (CVE-2025-66052). All references indicate default admin...