Vivotek: Security Vulnerabilities
VIVOTEK IP Camera devices with firmware before 0x20x have a stack-based buffer overflow via a crafted HTTP header.
CVSS Score: 9.8
EPSS Score: 0.007
Published: 2019-09-10
Vivotek FD8136 devices allow Remote Command Injection, aka "another command injection vulnerability in our target device," a different issue than CVE-2018-14494. NOTE: The vendor has disputed this as a vulnerability and states that the issue does not cause a web server crash or have any other effect on its performance.
CVSS Score: 9.8
EPSS Score: 0.188
Published: 2019-07-10
Vivotek FD8136 devices allow remote memory corruption and remote code execution because of a stack-based buffer overflow, related to sprintf, vlocal_buff_4326, and set_getparam.cgi. NOTE: The vendor has disputed this as a vulnerability and states that the issue does not cause a web server crash or have any other effect on its performance.
CVSS Score: 9.8
EPSS Score: 0.048
Published: 2019-07-10
Vivotek FD8136 devices allow Remote Command Injection, related to BusyBox and wget. NOTE: the vendor sent a clarification on 2019-09-17 explaining that, although this CVE was first populated in July 2019, it is a historical vulnerability that does not apply to any current or recent Vivotek hardware or firmware.
CVSS Score: 9.8
EPSS Score: 0.141
Published: 2019-07-10
Incorrect Access Control in mod_inetd.cgi in VIVOTEK Network Camera Series products with firmware before XXXXXX-VVTK-0X09a allows remote attackers to enable arbitrary system services via a URL parameter.
CVSS Score: 5.3
EPSS Score: 0.002
Published: 2019-01-03
Cross-site scripting in event_script.js in VIVOTEK Network Camera Series products with firmware 0x06x to 0x08x allows remote attackers to execute arbitrary JavaScript via a URL query string parameter.
CVSS Score: 6.1
EPSS Score: 0.003
Published: 2019-01-03
Cross-site scripting in syslog.html in VIVOTEK Network Camera Series products with firmware 0x06x to 0x08x allows remote attackers to execute arbitrary JavaScript code via an HTTP Referer Header.
CVSS Score: 6.1
EPSS Score: 0.003
Published: 2019-01-03
VIVOTEK FD8177 devices before XXXXXX-VVTK-xx06a allow CSRF.
CVSS Score: 8.8
EPSS Score: 0.001
Published: 2018-09-05
VIVOTEK FD8177 devices before XXXXXX-VVTK-xx06a allow remote attackers to execute arbitrary code (issue 1 of 2) via the ONVIF interface (/onvif/device_service).
CVSS Score: 8.8
EPSS Score: 0.024
Published: 2018-09-05
VIVOTEK FD8177 devices before XXXXXX-VVTK-xx06a allow remote attackers to execute arbitrary code (issue 2 of 2) via eventscript.cgi.
CVSS Score: 8.8
EPSS Score: 0.024
Published: 2018-09-05

