An issue in vivotek Network Camera v.FD8166A-VVTK-0204j allows a remote attacker to execute arbitrary code via a crafted payload to the upload_file.cgi component.
Source: MITRE
Max CVSS
N/A
EPSS Score
0.04%
Published
2024-02-29
Updated
2024-03-01
VIVOTEK Network Cameras before XXXXX-VVTK-2.2002.xx.01x (and before XXXXX-VVTK-0XXXX_Beta2) allows an authenticated user to upload and execute a script (with resultant execution of OS commands). For example, this affects IT9388-HT devices.
Source: MITRE
Max CVSS
9.0
EPSS Score
0.12%
Published
2020-05-28
Updated
2020-06-02
testserver.cgi of the web service on VIVOTEK Network Cameras before XXXXX-VVTK-2.2002.xx.01x (and before XXXXX-VVTK-0XXXX_Beta2) allows an authenticated user to obtain arbitrary files from a camera's local filesystem. For example, this affects IT9388-HT devices.
Source: MITRE
Max CVSS
6.5
EPSS Score
0.07%
Published
2020-05-28
Updated
2021-07-21
VIVOTEK IP Camera devices with firmware before 0x20x allow a denial of service via a crafted HTTP header.
Source: MITRE
Max CVSS
7.8
EPSS Score
0.22%
Published
2019-09-18
Updated
2020-08-24
VIVOTEK IP Camera devices with firmware before 0x20x have a stack-based buffer overflow via a crafted HTTP header.
Source: MITRE
Max CVSS
9.8
EPSS Score
0.36%
Published
2019-09-10
Updated
2021-07-21
An authentication bypass vulnerability in VIVOTEK IPCam versions prior to 0x13a was found.
Source: MITRE
Max CVSS
9.8
EPSS Score
0.24%
Published
2019-09-10
Updated
2020-08-24
Cross-site scripting in syslog.html in VIVOTEK Network Camera Series products with firmware 0x06x to 0x08x allows remote attackers to execute arbitrary JavaScript code via an HTTP Referer Header.
Source: MITRE
Max CVSS
6.1
EPSS Score
0.17%
Published
2019-01-03
Updated
2019-01-14
Cross-site scripting in event_script.js in VIVOTEK Network Camera Series products with firmware 0x06x to 0x08x allows remote attackers to execute arbitrary JavaScript via a URL query string parameter.
Source: MITRE
Max CVSS
6.1
EPSS Score
0.17%
Published
2019-01-03
Updated
2019-01-14
Incorrect Access Control in mod_inetd.cgi in VIVOTEK Network Camera Series products with firmware before XXXXXX-VVTK-0X09a allows remote attackers to enable arbitrary system services via a URL parameter.
Source: MITRE
Max CVSS
5.3
EPSS Score
0.19%
Published
2019-01-03
Updated
2020-08-24
VIVOTEK FD8177 devices before XXXXXX-VVTK-xx06a allow remote attackers to execute arbitrary code (issue 2 of 2) via eventscript.cgi.
Source: MITRE
Max CVSS
9.0
EPSS Score
9.18%
Published
2018-09-05
Updated
2020-08-24
VIVOTEK FD8177 devices before XXXXXX-VVTK-xx06a allow remote attackers to execute arbitrary code (issue 1 of 2) via the ONVIF interface, (/onvif/device_service).
Source: MITRE
Max CVSS
9.0
EPSS Score
9.18%
Published
2018-09-05
Updated
2020-08-24
VIVOTEK FD8177 devices before XXXXXX-VVTK-xx06a allow CSRF.
Source: MITRE
Max CVSS
8.8
EPSS Score
0.07%
Published
2018-09-05
Updated
2018-11-13
Various VIVOTEK FD8*, FD9*, FE9*, IB8*, IB9*, IP9*, IZ9*, MS9*, SD9*, and other devices before XXXXXX-VVTK-xx06a allow remote attackers to execute arbitrary code.
Source: MITRE
Max CVSS
9.0
EPSS Score
0.52%
Published
2018-08-29
Updated
2020-08-24
Vivotek FD8136 devices allow remote memory corruption and remote code execution because of a stack-based buffer overflow, related to sprintf, vlocal_buff_4326, and set_getparam.cgi. NOTE: The vendor has disputed this as a vulnerability and states that the issue does not cause a web server crash or have any other affect on it's performance
Source: MITRE
Max CVSS
9.8
EPSS Score
9.17%
Published
2019-07-10
Updated
2024-05-17
Vivotek FD8136 devices allow Remote Command Injection, aka "another command injection vulnerability in our target device," a different issue than CVE-2018-14494. NOTE: The vendor has disputed this as a vulnerability and states that the issue does not cause a web server crash or have any other affect on it's performance
Source: MITRE
Max CVSS
10.0
EPSS Score
8.10%
Published
2019-07-10
Updated
2024-05-17
Vivotek FD8136 devices allow Remote Command Injection, related to BusyBox and wget. NOTE: the vendor sent a clarification on 2019-09-17 explaining that, although this CVE was first populated in July 2019, it is a historical vulnerability that does not apply to any current or recent Vivotek hardware or firmware
Source: MITRE
Max CVSS
10.0
EPSS Score
0.33%
Published
2019-07-10
Updated
2024-05-17
'/cgi-bin/admin/downloadMedias.cgi' of the web service in most of the VIVOTEK Network Cameras is vulnerable, which allows remote attackers to read any file on the camera's Linux filesystem via a crafted HTTP request containing ".." sequences. This vulnerability is already verified on VIVOTEK Network Camera IB8369/FD8164/FD816BA; most others have similar firmware that may be affected.
Source: MITRE
Max CVSS
7.5
EPSS Score
1.92%
Published
2017-06-23
Updated
2017-07-05
'/cgi-bin/admin/testserver.cgi' of the web service in most of the VIVOTEK Network Cameras is vulnerable to shell command injection, which allows remote attackers to execute any shell command as root via a crafted HTTP request. This vulnerability is already verified on VIVOTEK Network Camera IB8369/FD8164/FD816BA; most others have similar firmware that may be affected. An attack uses shell metacharacters in the senderemail parameter.
Source: MITRE
Max CVSS
10.0
EPSS Score
0.56%
Published
2017-06-23
Updated
2019-10-03
Multiple Vivotek IP Cameras remote authentication bypass that could allow access to the video stream
Source: MITRE
Max CVSS
7.5
EPSS Score
12.87%
Published
2019-12-27
Updated
2020-01-17
A Command Injection vulnerability exists in Vivotek PT7135 IP Cameras 0300a and 0400a via the system.ntp parameter to the farseer.out binary file, which cold let a malicious user execute arbitrary code.
Source: MITRE
Max CVSS
9.0
EPSS Score
3.36%
Published
2020-01-24
Updated
2020-01-31
A Directory Traversal vulnerability exists in Vivotek PT7135 IP Cameras 0300a and 0400a via a specially crafted GET request, which could let a malicious user obtain user credentials.
Source: MITRE
Max CVSS
6.5
EPSS Score
1.40%
Published
2020-01-24
Updated
2020-01-27
An Authentication Bypass Vulnerability exists in Vivotek PT7135 IP Camera 0300a and 0400a via specially crafted RTSP packets to TCP port 554.
Source: MITRE
Max CVSS
5.3
EPSS Score
17.23%
Published
2020-01-24
Updated
2020-01-31
A Buffer Overflow vulnerability exists in Vivotek PT7135 IP Camera 0300a and 0400a via a specially crafted packet in the Authorization header field sent to the RTSP service, which could let a remote malicious user execute arbitrary code or cause a Denial of Service.
Source: MITRE
Max CVSS
9.8
EPSS Score
7.74%
Published
2020-01-24
Updated
2020-01-27
An Information Disclosure vulnerability exists via a GET request in Vivotek PT7135 IP Camera 0300a and 0400a due to wireless keys and 3rd party credentials stored in clear text.
Source: MITRE
Max CVSS
7.5
EPSS Score
3.29%
Published
2020-01-24
Updated
2020-01-28
Stack-based buffer overflow in VATDecoder.VatCtrl.1 ActiveX control in (1) 4xem VatCtrl Class (VATDecoder.dll 1.0.0.27 and 1.0.0.51), (2) D-Link MPEG4 SHM Audio Control (VAPGDecoder.dll 1.7.0.5), (3) Vivotek RTSP MPEG4 SP Control (RtspVapgDecoderNew.dll 2.0.0.39), and possibly other products, allows remote attackers to execute arbitrary code via a long Url property. NOTE: some of these details are obtained from third party information.
Source: MITRE
Max CVSS
9.3
EPSS Score
26.56%
Published
2008-10-28
Updated
2017-09-29
26 vulnerabilities found
1 2
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!