Vulnerabilities (CVE)

Filtered by vendor Vivotek Subscribe
Total 30 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-11950 1 Vivotek 400 Cc8160, Cc8160\(hs\), Cc8160\(hs\) Firmware and 397 more 2024-11-21 9.0 HIGH 8.8 HIGH
VIVOTEK Network Cameras before XXXXX-VVTK-2.2002.xx.01x (and before XXXXX-VVTK-0XXXX_Beta2) allows an authenticated user to upload and execute a script (with resultant execution of OS commands). For example, this affects IT9388-HT devices.
CVE-2020-11949 1 Vivotek 388 Cc8160, Cc8160\(hs\), Cc8160\(hs\) Firmware and 385 more 2024-11-21 4.0 MEDIUM 6.5 MEDIUM
testserver.cgi of the web service on VIVOTEK Network Cameras before XXXXX-VVTK-2.2002.xx.01x (and before XXXXX-VVTK-0XXXX_Beta2) allows an authenticated user to obtain arbitrary files from a camera's local filesystem. For example, this affects IT9388-HT devices.
CVE-2019-14458 1 Vivotek 1 Camera 2024-11-21 7.8 HIGH 7.5 HIGH
VIVOTEK IP Camera devices with firmware before 0x20x allow a denial of service via a crafted HTTP header.
CVE-2019-14457 1 Vivotek 1 Camera 2024-11-21 7.5 HIGH 9.8 CRITICAL
VIVOTEK IP Camera devices with firmware before 0x20x have a stack-based buffer overflow via a crafted HTTP header.
CVE-2019-10256 1 Vivotek 1 Camera 2024-11-21 7.5 HIGH 9.8 CRITICAL
An authentication bypass vulnerability in VIVOTEK IPCam versions prior to 0x13a was found.
CVE-2018-18244 1 Vivotek 1 Camera 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting in syslog.html in VIVOTEK Network Camera Series products with firmware 0x06x to 0x08x allows remote attackers to execute arbitrary JavaScript code via an HTTP Referer Header.
CVE-2018-18005 1 Vivotek 1 Camera 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting in event_script.js in VIVOTEK Network Camera Series products with firmware 0x06x to 0x08x allows remote attackers to execute arbitrary JavaScript via a URL query string parameter.
CVE-2018-18004 1 Vivotek 1 Camera 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
Incorrect Access Control in mod_inetd.cgi in VIVOTEK Network Camera Series products with firmware before XXXXXX-VVTK-0X09a allows remote attackers to enable arbitrary system services via a URL parameter.
CVE-2018-14771 1 Vivotek 1 Camera 2024-11-21 9.0 HIGH 8.8 HIGH
VIVOTEK FD8177 devices before XXXXXX-VVTK-xx06a allow remote attackers to execute arbitrary code (issue 2 of 2) via eventscript.cgi.
CVE-2018-14770 1 Vivotek 1 Camera 2024-11-21 9.0 HIGH 8.8 HIGH
VIVOTEK FD8177 devices before XXXXXX-VVTK-xx06a allow remote attackers to execute arbitrary code (issue 1 of 2) via the ONVIF interface, (/onvif/device_service).
CVE-2018-14769 1 Vivotek 1 Camera 2024-11-21 6.8 MEDIUM 8.8 HIGH
VIVOTEK FD8177 devices before XXXXXX-VVTK-xx06a allow CSRF.
CVE-2018-14768 1 Vivotek 1 Camera 2024-11-21 9.0 HIGH 8.8 HIGH
Various VIVOTEK FD8*, FD9*, FE9*, IB8*, IB9*, IP9*, IZ9*, MS9*, SD9*, and other devices before XXXXXX-VVTK-xx06a allow remote attackers to execute arbitrary code.
CVE-2018-14496 1 Vivotek 2 Fd8136, Fd8136 Firmware 2024-11-21 7.5 HIGH 9.8 CRITICAL
Vivotek FD8136 devices allow remote memory corruption and remote code execution because of a stack-based buffer overflow, related to sprintf, vlocal_buff_4326, and set_getparam.cgi. NOTE: The vendor has disputed this as a vulnerability and states that the issue does not cause a web server crash or have any other affect on it's performance
CVE-2018-14495 1 Vivotek 2 Fd8136, Fd8136 Firmware 2024-11-21 10.0 HIGH 9.8 CRITICAL
Vivotek FD8136 devices allow Remote Command Injection, aka "another command injection vulnerability in our target device," a different issue than CVE-2018-14494. NOTE: The vendor has disputed this as a vulnerability and states that the issue does not cause a web server crash or have any other affect on it's performance
CVE-2018-14494 1 Vivotek 2 Fd8136, Fd8136 Firmware 2024-11-21 10.0 HIGH 9.8 CRITICAL
Vivotek FD8136 devices allow Remote Command Injection, related to BusyBox and wget. NOTE: the vendor sent a clarification on 2019-09-17 explaining that, although this CVE was first populated in July 2019, it is a historical vulnerability that does not apply to any current or recent Vivotek hardware or firmware
CVE-2017-9829 1 Vivotek 6 Network Camera Fd8164, Network Camera Fd8164 Firmware, Network Camera Fd816ba and 3 more 2024-11-21 5.0 MEDIUM 7.5 HIGH
'/cgi-bin/admin/downloadMedias.cgi' of the web service in most of the VIVOTEK Network Cameras is vulnerable, which allows remote attackers to read any file on the camera's Linux filesystem via a crafted HTTP request containing ".." sequences. This vulnerability is already verified on VIVOTEK Network Camera IB8369/FD8164/FD816BA; most others have similar firmware that may be affected.
CVE-2017-9828 1 Vivotek 6 Network Camera Fd8164, Network Camera Fd8164 Firmware, Network Camera Fd816ba and 3 more 2024-11-21 10.0 HIGH 9.8 CRITICAL
'/cgi-bin/admin/testserver.cgi' of the web service in most of the VIVOTEK Network Cameras is vulnerable to shell command injection, which allows remote attackers to execute any shell command as root via a crafted HTTP request. This vulnerability is already verified on VIVOTEK Network Camera IB8369/FD8164/FD816BA; most others have similar firmware that may be affected. An attack uses shell metacharacters in the senderemail parameter.
CVE-2013-4985 1 Vivotek 6 Ip7160, Ip7160 Firmware, Ip7361 and 3 more 2024-11-21 5.0 MEDIUM 7.5 HIGH
Multiple Vivotek IP Cameras remote authentication bypass that could allow access to the video stream
CVE-2013-1598 1 Vivotek 2 Pt7135, Pt7135 Firmware 2024-11-21 9.0 HIGH 8.8 HIGH
A Command Injection vulnerability exists in Vivotek PT7135 IP Cameras 0300a and 0400a via the system.ntp parameter to the farseer.out binary file, which cold let a malicious user execute arbitrary code.
CVE-2013-1597 1 Vivotek 2 Pt7135, Pt7135 Firmware 2024-11-21 4.0 MEDIUM 6.5 MEDIUM
A Directory Traversal vulnerability exists in Vivotek PT7135 IP Cameras 0300a and 0400a via a specially crafted GET request, which could let a malicious user obtain user credentials.