Vulnerability Details : CVE-2020-11950
VIVOTEK Network Cameras before XXXXX-VVTK-2.2002.xx.01x (and before XXXXX-VVTK-0XXXX_Beta2) allows an authenticated user to upload and execute a script (with resultant execution of OS commands). For example, this affects IT9388-HT devices.
Products affected by CVE-2020-11950
- cpe:2.3:o:vivotek:cc9381-hv_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:vivotek:fd9360-h_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:vivotek:fd9368-htv_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:vivotek:fd9380-h_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:vivotek:fd9388-htv_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:vivotek:ib9360-h_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:vivotek:ib9368-ht_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:vivotek:ib9380-h_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:vivotek:ib9388-ht_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:vivotek:it9360-h_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:vivotek:it9380-h_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:vivotek:it9388-ht_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:vivotek:md9560-dh_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:vivotek:md9560-h_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:vivotek:fd9366-hv_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:vivotek:fd9166-hn_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:vivotek:fe9380-hv_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:vivotek:cc8160_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:vivotek:cc8160\(hs\)_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:vivotek:cc8370-hv_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:vivotek:cc8371-hv_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:vivotek:cd8371-hntv_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:vivotek:cd8371-hnvf2_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:vivotek:fd8166a_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:vivotek:fd8166a-n_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:vivotek:fd8167a_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:vivotek:fd8169a_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:vivotek:fd8367a-v_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:vivotek:fd8369a-v_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:vivotek:fd816ba-hf2_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:vivotek:fd836ba-hvf2_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:vivotek:fd836ba-htv_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:vivotek:fd836ba-ehvf2_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:vivotek:fd816ba-ht_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:vivotek:fd836ba-ehtv_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:vivotek:ib836ba-ehf3_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:vivotek:ib836ba-eht_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:vivotek:ib836ba-hf3_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:vivotek:ib836ba-ht_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:vivotek:fd816b-hf2_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:vivotek:fd816b-ht_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:vivotek:fd836b-ehtv_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:vivotek:fd836b-ehvf2_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:vivotek:fd836b-htv_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:vivotek:fd836b-hvf2_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:vivotek:ib836b-ehf3_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:vivotek:ib836b-eht_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:vivotek:ib836b-hf3_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:vivotek:ib836b-hrf3_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:vivotek:ib836b-ht_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:vivotek:fd816ca-hf2_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:vivotek:fd816c-hf2_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:vivotek:fd8182-f1_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:vivotek:fd8182-f2_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:vivotek:fd8182-t_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:vivotek:fd8382-etv_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:vivotek:fd8382-evf2_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:vivotek:fd8382-tv_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:vivotek:fd8382-vf2_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:vivotek:ib8382-ef3_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:vivotek:ib8382-et_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:vivotek:ib8382-f3_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:vivotek:ib8382-t_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:vivotek:fd8366-v_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:vivotek:ib8367a_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:vivotek:ib8369a_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:vivotek:ip8166_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:vivotek:md8563-deh_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:vivotek:md8563-eh_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:vivotek:md8564-eh_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:vivotek:md8565-n_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:vivotek:vc8101_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:vivotek:vs8100-v2_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:vivotek:ip8160_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:vivotek:ip8160-w_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:vivotek:ib8360_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:vivotek:ib8360-w_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:vivotek:ip9171-hp_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:vivotek:ip9181-h_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:vivotek:fd9171-ht_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:vivotek:fd9181-ht_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:vivotek:fe9181-h_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:vivotek:fe9182-h_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:vivotek:fe9381-ehv_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:vivotek:fe9382-ehv_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:vivotek:fe9180-h_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:vivotek:fe9582-ehnv_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:vivotek:sd9161-h_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:vivotek:sd9361-ehl_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:vivotek:sd9362-ehl_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:vivotek:sd9362-eh_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:vivotek:sd9363-ehl_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:vivotek:sd9364-eh_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:vivotek:sd9364-ehl_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:vivotek:sd9363-ehl-v2_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:vivotek:sd9364-ehl-v2_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:vivotek:sd9362-eh-v2_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:vivotek:sd9364-eh-v2_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:vivotek:sd9366-eh-v2_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:vivotek:sd9366-ehl_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:vivotek:sd9366-eh_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:vivotek:sd9365-ehl_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:vivotek:iz9361-eh_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:vivotek:fd9187-h_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:vivotek:fd9187-ht_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:vivotek:fd9387-ehtv_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:vivotek:fd9387-ehv_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:vivotek:fd9387-htv_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:vivotek:fd9387-hv_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:vivotek:ib9387-eh_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:vivotek:ib9387-eht_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:vivotek:ib9387-h_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:vivotek:ib9387-ht_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:vivotek:fd9189-h_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:vivotek:fd9189-hm_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:vivotek:fd9189-ht_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:vivotek:fd9389-hv_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:vivotek:fd9389-hmv_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:vivotek:fd9389-htv_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:vivotek:fd9389-ehmv_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:vivotek:fd9389-ehtv_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:vivotek:fd9389-ehv_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:vivotek:ib9389-eh_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:vivotek:ib9389-ehm_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:vivotek:ib9389-eht_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:vivotek:ib9389-h_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:vivotek:ib9389-hm_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:vivotek:ib9389-ht_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:vivotek:fd9165-ht_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:vivotek:fd9365-ehtv_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:vivotek:fd9365-htv_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:vivotek:fd9365-htvl_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:vivotek:ib9365-ht_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:vivotek:ib9365-eht_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:vivotek:ip9165-hp_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:vivotek:ip9165-ht_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:vivotek:ip9165-lpc_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:vivotek:fd9391-ehtv_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:vivotek:fe9191_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:vivotek:ip9191-hp_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:vivotek:ip9191-ht_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:vivotek:fe9391-ev_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:vivotek:ib9391-eht_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:vivotek:it9389-h_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:vivotek:it9389-ht_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:vivotek:md9561-h_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:vivotek:md9581-h_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:vivotek:ms9390-hv_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:vivotek:tb9330-e_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:vivotek:tb9331-e_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:vivotek:fd9167-h_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:vivotek:fd9167-ht_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:vivotek:fd9367-ehtv_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:vivotek:fd9367-htv_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:vivotek:fd9367-hv_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:vivotek:fd9367-htv\(epoc\)_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:vivotek:ib9367-eh_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:vivotek:ib9367-eht_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:vivotek:ib9367-h_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:vivotek:ib9367-ht_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:vivotek:ip9167-hp_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:vivotek:ip9167-ht_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:vivotek:ma9321-ehtv_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:vivotek:ms9321-ehv_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:vivotek:ma9322-ehtv_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:vivotek:fd8177-h_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:vivotek:fd8377-hv_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:vivotek:fd8177-ht_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:vivotek:fd8377-ehtv_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:vivotek:fd8377-htv_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:vivotek:fd8179-h_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:vivotek:fd8379-hv_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:vivotek:ib8377-h_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:vivotek:ib8377-ht_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:vivotek:ib8377-eht_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:vivotek:fd9165-ht-a_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:vivotek:fd9365-htv-a_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:vivotek:fd9365-ehtv-a_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:vivotek:fd9187-ht-a_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:vivotek:fd9387-htv-a_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:vivotek:fd9387-ehtv-a_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:vivotek:ib9365-eht-a_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:vivotek:ib9365-ht-a_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:vivotek:ib9387-eht-a_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:vivotek:ib9387-ht-a_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:vivotek:ip9164-ht_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:vivotek:ip9164-lpc_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:vivotek:ip9165-lpc\(i-cs_kit\)_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:vivotek:fd8167a-s_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:vivotek:fd8169a-s_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:vivotek:fe8182_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:vivotek:ib8382-rf3_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:vivotek:ib8382-rt_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:vivotek:fd9371-\(e\)htv_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:vivotek:fd9381-\(e\)htv_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:vivotek:ib9371-\(e\)ht_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:vivotek:ib9381-\(e\)ht_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:vivotek:ip9172-lpc_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:vivotek:sd9374-ehl\(x\)_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:vivotek:ib8379-h_firmware:*:*:*:*:*:*:*:*
Max 200 conditions are displayed on this page, to prevent potential performance issues,
please refer to NVD for more details.
Exploit prediction scoring system (EPSS) score for CVE-2020-11950
1.47%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 79 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2020-11950
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
9.0
|
HIGH | AV:N/AC:L/Au:S/C:C/I:C/A:C |
8.0
|
10.0
|
NIST | |
|
8.8
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
2.8
|
5.9
|
NIST |
CWE ids for CVE-2020-11950
-
The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.Assigned by: nvd@nist.gov (Primary)
References for CVE-2020-11950
Jump to