Vivotek : Security Vulnerabilities, CVEs, CVSS score >= 7
VIVOTEK Network Cameras before XXXXX-VVTK-2.2002.xx.01x (and before XXXXX-VVTK-0XXXX_Beta2) allows an authenticated user to upload and execute a script (with resultant execution of OS commands). For example, this affects IT9388-HT devices.
Max CVSS
9.0
EPSS Score
0.12%
Published
2020-05-28
Updated
2020-06-02
VIVOTEK IP Camera devices with firmware before 0x20x allow a denial of service via a crafted HTTP header.
Max CVSS
7.8
EPSS Score
0.22%
Published
2019-09-18
Updated
2020-08-24
VIVOTEK IP Camera devices with firmware before 0x20x have a stack-based buffer overflow via a crafted HTTP header.
Max CVSS
9.8
EPSS Score
0.36%
Published
2019-09-10
Updated
2021-07-21
An authentication bypass vulnerability in VIVOTEK IPCam versions prior to 0x13a was found.
Max CVSS
9.8
EPSS Score
0.24%
Published
2019-09-10
Updated
2020-08-24
VIVOTEK FD8177 devices before XXXXXX-VVTK-xx06a allow remote attackers to execute arbitrary code (issue 2 of 2) via eventscript.cgi.
Max CVSS
9.0
EPSS Score
9.18%
Published
2018-09-05
Updated
2020-08-24
VIVOTEK FD8177 devices before XXXXXX-VVTK-xx06a allow remote attackers to execute arbitrary code (issue 1 of 2) via the ONVIF interface, (/onvif/device_service).
Max CVSS
9.0
EPSS Score
9.18%
Published
2018-09-05
Updated
2020-08-24
VIVOTEK FD8177 devices before XXXXXX-VVTK-xx06a allow CSRF.
Max CVSS
8.8
EPSS Score
0.07%
Published
2018-09-05
Updated
2018-11-13
Various VIVOTEK FD8*, FD9*, FE9*, IB8*, IB9*, IP9*, IZ9*, MS9*, SD9*, and other devices before XXXXXX-VVTK-xx06a allow remote attackers to execute arbitrary code.
Max CVSS
9.0
EPSS Score
0.52%
Published
2018-08-29
Updated
2020-08-24
Vivotek FD8136 devices allow remote memory corruption and remote code execution because of a stack-based buffer overflow, related to sprintf, vlocal_buff_4326, and set_getparam.cgi. NOTE: The vendor has disputed this as a vulnerability and states that the issue does not cause a web server crash or have any other affect on it's performance
Max CVSS
9.8
EPSS Score
9.17%
Published
2019-07-10
Updated
2024-04-11
Vivotek FD8136 devices allow Remote Command Injection, aka "another command injection vulnerability in our target device," a different issue than CVE-2018-14494. NOTE: The vendor has disputed this as a vulnerability and states that the issue does not cause a web server crash or have any other affect on it's performance
Max CVSS
10.0
EPSS Score
8.10%
Published
2019-07-10
Updated
2024-04-11
Vivotek FD8136 devices allow Remote Command Injection, related to BusyBox and wget. NOTE: the vendor sent a clarification on 2019-09-17 explaining that, although this CVE was first populated in July 2019, it is a historical vulnerability that does not apply to any current or recent Vivotek hardware or firmware
Max CVSS
10.0
EPSS Score
0.33%
Published
2019-07-10
Updated
2024-04-11
'/cgi-bin/admin/downloadMedias.cgi' of the web service in most of the VIVOTEK Network Cameras is vulnerable, which allows remote attackers to read any file on the camera's Linux filesystem via a crafted HTTP request containing ".." sequences. This vulnerability is already verified on VIVOTEK Network Camera IB8369/FD8164/FD816BA; most others have similar firmware that may be affected.
Max CVSS
7.5
EPSS Score
1.26%
Published
2017-06-23
Updated
2017-07-05
'/cgi-bin/admin/testserver.cgi' of the web service in most of the VIVOTEK Network Cameras is vulnerable to shell command injection, which allows remote attackers to execute any shell command as root via a crafted HTTP request. This vulnerability is already verified on VIVOTEK Network Camera IB8369/FD8164/FD816BA; most others have similar firmware that may be affected. An attack uses shell metacharacters in the senderemail parameter.
Max CVSS
10.0
EPSS Score
0.47%
Published
2017-06-23
Updated
2019-10-03
Multiple Vivotek IP Cameras remote authentication bypass that could allow access to the video stream
Max CVSS
7.5
EPSS Score
12.87%
Published
2019-12-27
Updated
2020-01-17
A Command Injection vulnerability exists in Vivotek PT7135 IP Cameras 0300a and 0400a via the system.ntp parameter to the farseer.out binary file, which cold let a malicious user execute arbitrary code.
Max CVSS
9.0
EPSS Score
4.38%
Published
2020-01-24
Updated
2020-01-31
A Buffer Overflow vulnerability exists in Vivotek PT7135 IP Camera 0300a and 0400a via a specially crafted packet in the Authorization header field sent to the RTSP service, which could let a remote malicious user execute arbitrary code or cause a Denial of Service.
Max CVSS
9.8
EPSS Score
7.74%
Published
2020-01-24
Updated
2020-01-27
An Information Disclosure vulnerability exists via a GET request in Vivotek PT7135 IP Camera 0300a and 0400a due to wireless keys and 3rd party credentials stored in clear text.
Max CVSS
7.5
EPSS Score
3.29%
Published
2020-01-24
Updated
2020-01-28
Stack-based buffer overflow in VATDecoder.VatCtrl.1 ActiveX control in (1) 4xem VatCtrl Class (VATDecoder.dll 1.0.0.27 and 1.0.0.51), (2) D-Link MPEG4 SHM Audio Control (VAPGDecoder.dll 1.7.0.5), (3) Vivotek RTSP MPEG4 SP Control (RtspVapgDecoderNew.dll 2.0.0.39), and possibly other products, allows remote attackers to execute arbitrary code via a long Url property. NOTE: some of these details are obtained from third party information.
Max CVSS
9.3
EPSS Score
26.56%
Published
2008-10-28
Updated
2017-09-29
Stack-based buffer overflow in the Vivotek Motion Jpeg ActiveX control (aka MjpegControl) in MjpegDecoder.dll 2.0.0.13 allows remote attackers to execute arbitrary code via a long PtzUrl property value.
Max CVSS
7.6
EPSS Score
6.12%
Published
2007-06-11
Updated
2017-10-11
19 vulnerabilities found