Vulnerabilities (CVE)

Filtered by vendor Vivotek Subscribe
Filtered by product Ib8367a Firmware
Total 3 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-7443 1 Vivotek 2 Ib8367a, Ib8367a Firmware 2024-08-06 6.5 MEDIUM 9.8 CRITICAL
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as critical has been found in Vivotek IB8367A VVTK-0100b. Affected is the function getenv of the file upload_file.cgi. The manipulation of the argument QUERY_STRING leads to command injection. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-273528. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed that the affected release tree is end-of-life.
CVE-2020-11949 1 Vivotek 388 Cc8160, Cc8160\(hs\), Cc8160\(hs\) Firmware and 385 more 2024-02-28 4.0 MEDIUM 6.5 MEDIUM
testserver.cgi of the web service on VIVOTEK Network Cameras before XXXXX-VVTK-2.2002.xx.01x (and before XXXXX-VVTK-0XXXX_Beta2) allows an authenticated user to obtain arbitrary files from a camera's local filesystem. For example, this affects IT9388-HT devices.
CVE-2020-11950 1 Vivotek 400 Cc8160, Cc8160\(hs\), Cc8160\(hs\) Firmware and 397 more 2024-02-28 9.0 HIGH 8.8 HIGH
VIVOTEK Network Cameras before XXXXX-VVTK-2.2002.xx.01x (and before XXXXX-VVTK-0XXXX_Beta2) allows an authenticated user to upload and execute a script (with resultant execution of OS commands). For example, this affects IT9388-HT devices.