Vivotek: Security Vulnerabilities
A Buffer Overflow vulnerability exists in Vivotek PT7135 IP Camera 0300a and 0400a via a specially crafted packet in the Authorization header field sent to the RTSP service, which could let a remote malicious user execute arbitrary code or cause a Denial of Service.
CVSS Score
9.8
EPSS Score
0.039
Published
2020-01-24
An Authentication Bypass Vulnerability exists in Vivotek PT7135 IP Camera 0300a and 0400a via specially crafted RTSP packets to TCP port 554.
CVSS Score
5.3
EPSS Score
0.219
Published
2020-01-24
An Information Disclosure vulnerability exists via a GET request in Vivotek PT7135 IP Camera 0300a and 0400a due to wireless keys and 3rd party credentials stored in clear text.
CVSS Score
7.5
EPSS Score
0.224
Published
2020-01-24
Multiple Vivotek IP Cameras remote authentication bypass that could allow access to the video stream
CVSS Score
7.5
EPSS Score
0.252
Published
2019-12-27
VIVOTEK IP Camera devices with firmware before 0x20x allow a denial of service via a crafted HTTP header.
CVSS Score
7.5
EPSS Score
0.006
Published
2019-09-18
An authentication bypass vulnerability in VIVOTEK IPCam versions prior to 0x13a was found.
CVSS Score
9.8
EPSS Score
0.006
Published
2019-09-10
VIVOTEK IP Camera devices with firmware before 0x20x have a stack-based buffer overflow via a crafted HTTP header.
CVSS Score
9.8
EPSS Score
0.007
Published
2019-09-10
Vivotek FD8136 devices allow Remote Command Injection, aka "another command injection vulnerability in our target device," a different issue than CVE-2018-14494. NOTE: The vendor has disputed this as a vulnerability and states that the issue does not cause a web server crash or have any other affect on it's performance
CVSS Score
9.8
EPSS Score
0.188
Published
2019-07-10
Vivotek FD8136 devices allow remote memory corruption and remote code execution because of a stack-based buffer overflow, related to sprintf, vlocal_buff_4326, and set_getparam.cgi. NOTE: The vendor has disputed this as a vulnerability and states that the issue does not cause a web server crash or have any other affect on it's performance
CVSS Score
9.8
EPSS Score
0.048
Published
2019-07-10
Vivotek FD8136 devices allow Remote Command Injection, related to BusyBox and wget. NOTE: the vendor sent a clarification on 2019-09-17 explaining that, although this CVE was first populated in July 2019, it is a historical vulnerability that does not apply to any current or recent Vivotek hardware or firmware
CVSS Score
9.8
EPSS Score
0.09
Published
2019-07-10