MidnightBSD

Advisories for vivotek

CVE-2013-1594 MEDIUM

An Information Disclosure vulnerability exists via a GET request in Vivotek PT7135 IP Camera 0300a and 0400a due to wireless keys and 3rd party credentials stored in clear text.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
vivotek pt7135_firmware 0400a
vivotek pt7135_firmware 0300a
CVE-2013-1595 HIGH

A Buffer Overflow vulnerability exists in Vivotek PT7135 IP Camera 0300a and 0400a via a specially crafted packet in the Authorization header field sent to the RTSP service, which could let a remote malicious user execute arbitrary code or cause a Denial of Service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-120,

Products Affected

Vendor Product Version
vivotek pt7135_firmware 0400a
vivotek pt7135_firmware 0300a
CVE-2013-1596 MEDIUM

An Authentication Bypass Vulnerability exists in Vivotek PT7135 IP Camera 0300a and 0400a via specially crafted RTSP packets to TCP port 554.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-287,

Products Affected

Vendor Product Version
vivotek pt7135_firmware 0400a
vivotek pt7135_firmware 0300a
CVE-2013-1597 MEDIUM

A Directory Traversal vulnerability exists in Vivotek PT7135 IP Cameras 0300a and 0400a via a specially crafted GET request, which could let a malicious user obtain user credentials.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,

Products Affected

Vendor Product Version
vivotek pt7135_firmware 0400a
vivotek pt7135_firmware 0300a
CVE-2013-1598 HIGH

A Command Injection vulnerability exists in Vivotek PT7135 IP Cameras 0300a and 0400a via the system.ntp parameter to the farseer.out binary file, which cold let a malicious user execute arbitrary code.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,

Products Affected

Vendor Product Version
vivotek pt7135_firmware 0400a
vivotek pt7135_firmware 0300a
CVE-2013-4985 MEDIUM

Multiple Vivotek IP Cameras remote authentication bypass that could allow access to the video stream

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-863,

Products Affected

Vendor Product Version
vivotek ip8332_firmware 0105b
vivotek ip7160_firmware 0105a
vivotek ip7160_firmware 0105b
vivotek ip7361_firmware 0105a
vivotek ip7361_firmware 0105b
vivotek ip8332_firmware 0105a
CVE-2017-9828 HIGH

'/cgi-bin/admin/testserver.cgi' of the web service in most of the VIVOTEK Network Cameras is vulnerable to shell command injection, which allows remote attackers to execute any shell command as root via a crafted HTTP request. This vulnerability is already verified on VIVOTEK Network Camera IB8369/FD8164/FD816BA; most others have similar firmware that may be affected. An attack uses shell metacharacters in the senderemail parameter.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,

Products Affected

Vendor Product Version
vivotek network_camera_fd816ba_firmware fd816ba-vvtk-010101.
vivotek network_camera_fd8164_firmware fd8164-_vvtk-0200b
vivotek network_camera_ib8369_firmware ib8369-vvtk-0102a
CVE-2017-9829 MEDIUM

'/cgi-bin/admin/downloadMedias.cgi' of the web service in most of the VIVOTEK Network Cameras is vulnerable, which allows remote attackers to read any file on the camera's Linux filesystem via a crafted HTTP request containing ".." sequences. This vulnerability is already verified on VIVOTEK Network Camera IB8369/FD8164/FD816BA; most others have similar firmware that may be affected.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,

Products Affected

Vendor Product Version
vivotek network_camera_fd816ba_firmware fd816ba-vvtk-010101.
vivotek network_camera_fd8164_firmware fd8164-_vvtk-0200b
vivotek network_camera_ib8369_firmware ib8369-vvtk-0102a
CVE-2018-14494 HIGH

Vivotek FD8136 devices allow Remote Command Injection, related to BusyBox and wget. NOTE: the vendor sent a clarification on 2019-09-17 explaining that, although this CVE was first populated in July 2019, it is a historical vulnerability that does not apply to any current or recent Vivotek hardware or firmware

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,

Products Affected

Vendor Product Version
vivotek fd8136_firmware 0301a
CVE-2018-14495 HIGH

Vivotek FD8136 devices allow Remote Command Injection, aka "another command injection vulnerability in our target device," a different issue than CVE-2018-14494. NOTE: The vendor has disputed this as a vulnerability and states that the issue does not cause a web server crash or have any other affect on it's performance

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,

Products Affected

Vendor Product Version
vivotek fd8136_firmware 0301a
CVE-2018-14496 HIGH

Vivotek FD8136 devices allow remote memory corruption and remote code execution because of a stack-based buffer overflow, related to sprintf, vlocal_buff_4326, and set_getparam.cgi. NOTE: The vendor has disputed this as a vulnerability and states that the issue does not cause a web server crash or have any other affect on it's performance

CVSS 2.0

Severity: HIGH

Problem Type: CWE-787,

Products Affected

Vendor Product Version
vivotek fd8136_firmware 0301a
CVE-2018-14768 HIGH

Various VIVOTEK FD8*, FD9*, FE9*, IB8*, IB9*, IP9*, IZ9*, MS9*, SD9*, and other devices before XXXXXX-VVTK-xx06a allow remote attackers to execute arbitrary code.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
vivotek camera -
CVE-2018-14769 MEDIUM

VIVOTEK FD8177 devices before XXXXXX-VVTK-xx06a allow CSRF.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
vivotek camera -
CVE-2018-14770 HIGH

VIVOTEK FD8177 devices before XXXXXX-VVTK-xx06a allow remote attackers to execute arbitrary code (issue 1 of 2) via the ONVIF interface, (/onvif/device_service).

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
vivotek camera -
CVE-2018-14771 HIGH

VIVOTEK FD8177 devices before XXXXXX-VVTK-xx06a allow remote attackers to execute arbitrary code (issue 2 of 2) via eventscript.cgi.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
vivotek camera -
CVE-2018-18004 MEDIUM

Incorrect Access Control in mod_inetd.cgi in VIVOTEK Network Camera Series products with firmware before XXXXXX-VVTK-0X09a allows remote attackers to enable arbitrary system services via a URL parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-862,

Products Affected

Vendor Product Version
vivotek camera -
CVE-2018-18005 MEDIUM

Cross-site scripting in event_script.js in VIVOTEK Network Camera Series products with firmware 0x06x to 0x08x allows remote attackers to execute arbitrary JavaScript via a URL query string parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
vivotek camera -
CVE-2018-18244 MEDIUM

Cross-site scripting in syslog.html in VIVOTEK Network Camera Series products with firmware 0x06x to 0x08x allows remote attackers to execute arbitrary JavaScript code via an HTTP Referer Header.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
vivotek camera -
CVE-2019-10256 HIGH

An authentication bypass vulnerability in VIVOTEK IPCam versions prior to 0x13a was found.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
vivotek camera -
CVE-2019-14457 HIGH

VIVOTEK IP Camera devices with firmware before 0x20x have a stack-based buffer overflow via a crafted HTTP header.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-787,

Products Affected

Vendor Product Version
vivotek camera -
CVE-2019-14458 HIGH

VIVOTEK IP Camera devices with firmware before 0x20x allow a denial of service via a crafted HTTP header.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
vivotek camera -
CVE-2020-11949 MEDIUM

testserver.cgi of the web service on VIVOTEK Network Cameras before XXXXX-VVTK-2.2002.xx.01x (and before XXXXX-VVTK-0XXXX_Beta2) allows an authenticated user to obtain arbitrary files from a camera's local filesystem. For example, this affects IT9388-HT devices.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
vivotek fd816b-ht_firmware *
vivotek ib8382-f3_firmware *
vivotek fd8382-tv_firmware *
vivotek sd9366-ehl_firmware *
vivotek fd9388-htv_firmware *
vivotek fd8182-f1_firmware *
vivotek sd9364-ehl_firmware *
vivotek fd9189-h_firmware *
vivotek ms9390-hv_firmware *
vivotek it9389-ht_firmware *
vivotek fd9367-hv_firmware *
vivotek fd9181-ht_firmware *
vivotek ib9360-h_firmware *
vivotek md9560-dh_firmware *
vivotek ib836ba-eht_firmware *
vivotek fd836b-ehtv_firmware *
vivotek fd9387-htv-a_firmware *
vivotek fd9380-h_firmware *
vivotek fd9389-ehv_firmware *
vivotek fd836b-ehvf2_firmware *
vivotek ib836ba-hf3_firmware *
vivotek ib9387-eht_firmware *
vivotek cc8370-hv_firmware *
vivotek fd9371-ehtv_firmware *
vivotek it9388-ht_firmware *
vivotek fd9171-ht_firmware *
vivotek ib9389-ht_firmware *
vivotek ib9368-ht_firmware *
vivotek ip9164-lpc_firmware *
vivotek ib9367-eht_firmware *
vivotek tb9331-e_firmware *
vivotek ib9388-ht_firmware *
vivotek sd9362-ehl_firmware *
vivotek fd9387-ehv_firmware *
vivotek ib9387-eh_firmware *
vivotek ib9367-h_firmware *
vivotek sd9161-h_firmware *
vivotek fd8167a_firmware *
vivotek ib8360_firmware *
vivotek ib836ba-ehf3_firmware *
vivotek fd8169a_firmware *
vivotek ib836b-hf3_firmware *
vivotek fd836b-hvf2_firmware *
vivotek fd836ba-ehtv_firmware *
vivotek sd9362-eh_firmware *
vivotek ib8377-ht_firmware *
vivotek ib9387-ht-a_firmware *
vivotek md8563-eh_firmware *
vivotek fd8379-hv_firmware *
vivotek fd9368-htv_firmware *
vivotek fd9387-ehtv_firmware *
vivotek fe9391-ev_firmware *
vivotek ip9181-h_firmware *
vivotek fd9389-hmv_firmware *
vivotek fe9180-h_firmware *
vivotek sd9364-ehl-v2_firmware *
vivotek ib836b-ht_firmware *
vivotek cc9381-hv_firmware *
vivotek ib8382-ef3_firmware *
vivotek fd836b-htv_firmware *
vivotek ib8367a_firmware *
vivotek ib9365-ht-a_firmware *
vivotek ip9172-lpc(freeway)_firmware *
vivotek ib9365-ht_firmware *
vivotek ib8369a_firmware *
vivotek fe9382-ehv_firmware *
vivotek fd9365-ehtv_firmware *
vivotek ip9165-lpc_firmware *
vivotek fe9380-hv_firmware *
vivotek fe9191_firmware *
vivotek fd9367-htv_firmware *
vivotek ib836ba-ht_firmware *
vivotek ip9165-lpc(i-cs_kit)_firmware *
vivotek ip8160_firmware *
vivotek fd8382-vf2_firmware *
vivotek ib8360-w_firmware *
vivotek ib8382-et_firmware *
vivotek md8565-n_firmware *
vivotek ip9164-ht_firmware *
vivotek cc8160_firmware *
vivotek fd836ba-ehvf2_firmware *
vivotek fd8367a-v_firmware *
vivotek ib836b-hrf3_firmware *
vivotek fd9166-hn_firmware *
vivotek fd8177-h_firmware *
vivotek ip9165-ht_firmware *
vivotek ib9365-eht-a_firmware *
vivotek vc8101_firmware *
vivotek fe9181-h_firmware *
vivotek ib9367-eh_firmware *
vivotek ip9165-hp_firmware *
vivotek ib9389-eh_firmware *
vivotek ib8377-eht_firmware *
vivotek fd9189-hm_firmware *
vivotek sd9363-ehl_firmware *
vivotek fd9365-htv_firmware *
vivotek fd9391-ehtv_firmware *
vivotek cc8160(hs)_firmware *
vivotek fd9187-ht_firmware *
vivotek sd9362-eh-v2_firmware *
vivotek iz9361-eh_firmware *
vivotek sd9364-eh_firmware *
vivotek fd816b-hf2_firmware *
vivotek fd8369a-v_firmware *
vivotek it9380-h_firmware *
vivotek ip9167-ht_firmware *
vivotek fd8166a_firmware *
vivotek ib8377-h_firmware *
vivotek ib9387-ht_firmware *
vivotek fd9367-ehtv_firmware *
vivotek ib9381-eht_firmware *
vivotek cd8371-hnvf2_firmware *
vivotek fd836ba-htv_firmware *
vivotek fd9365-ehtv-a_firmware *
vivotek fd816ba-hf2_firmware *
vivotek ip9167-hp_firmware *
vivotek ib9391-eht_firmware *
vivotek ma9322-ehtv_firmware *
vivotek fd9189-ht_firmware *
vivotek sd9374-ehl_firmware *
vivotek fd9366-hv_firmware *
vivotek fd8182-t_firmware *
vivotek md9561-h_firmware *
vivotek ib9389-hm_firmware *
vivotek cc8371-hv_firmware *
vivotek ms9321-ehv_firmware *
vivotek ib836b-eht_firmware *
vivotek fd9381-ehtv_firmware *
vivotek fe9182-h_firmware *
vivotek fd8166a-n_firmware *
vivotek tb9330-e_firmware *
vivotek fd9389-ehtv_firmware *
vivotek fd816c-hf2_firmware *
vivotek md9581-h_firmware *
vivotek fd9165-ht_firmware *
vivotek sd9366-eh_firmware *
vivotek fd9187-ht-a_firmware *
vivotek fd9367-htv(epoc)_firmware -
vivotek fd8177-ht_firmware *
vivotek fd816ba-ht_firmware *
vivotek fd8377-htv_firmware *
vivotek ma9321-ehtv_firmware *
vivotek fd9387-htv_firmware *
vivotek fd816ca-hf2_firmware *
vivotek sd9361-ehl_firmware *
vivotek fd9387-ehtv-a_firmware *
vivotek fd8377-hv_firmware *
vivotek fd8366-v_firmware *
vivotek ib9389-ehm_firmware *
vivotek ip9191-hp_firmware *
vivotek vs8100-v2_firmware *
vivotek ip8166_firmware *
vivotek fd9389-htv_firmware *
vivotek fd8382-etv_firmware *
vivotek sd9366-eh-v2_firmware *
vivotek sd9365-ehl_firmware *
vivotek fd9167-h_firmware *
vivotek fd9365-htv-a_firmware *
vivotek fd9365-htvl_firmware *
vivotek it9360-h_firmware *
vivotek sd9364-eh-v2_firmware *
vivotek ib9389-h_firmware *
vivotek fe9582-ehnv_firmware *
vivotek ib9365-eht_firmware *
vivotek fd9387-hv_firmware *
vivotek fd9389-ehmv_firmware *
vivotek ip9171-hp_firmware *
vivotek fd8182-f2_firmware *
vivotek fd9360-h_firmware *
vivotek ib8382-t_firmware *
vivotek md8563-deh_firmware *
vivotek fd8377-ehtv_firmware *
vivotek ip8160-w_firmware *
vivotek md9560-h_firmware *
vivotek fd836ba-hvf2_firmware *
vivotek fd9187-h_firmware *
vivotek it9389-h_firmware *
vivotek fd8179-h_firmware *
vivotek fd9389-hv_firmware *
vivotek ib9367-ht_firmware *
vivotek ib9389-eht_firmware *
vivotek ip9191-ht_firmware *
vivotek ib9380-h_firmware *
vivotek ib9387-h_firmware *
vivotek ib836b-ehf3_firmware *
vivotek ib9387-eht-a_firmware *
vivotek fd9165-ht-a_firmware *
vivotek ib9371-eht_firmware *
vivotek cd8371-hntv_firmware *
vivotek md8564-eh_firmware *
vivotek fd8382-evf2_firmware *
vivotek fd9167-ht_firmware *
vivotek fe9381-ehv_firmware *
vivotek sd9363-ehl-v2_firmware *
CVE-2020-11950 HIGH

VIVOTEK Network Cameras before XXXXX-VVTK-2.2002.xx.01x (and before XXXXX-VVTK-0XXXX_Beta2) allows an authenticated user to upload and execute a script (with resultant execution of OS commands). For example, this affects IT9388-HT devices.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,

Products Affected

Vendor Product Version
vivotek fd816b-ht_firmware *
vivotek ib8382-f3_firmware *
vivotek fd8382-tv_firmware *
vivotek sd9366-ehl_firmware *
vivotek fd9388-htv_firmware *
vivotek fd8182-f1_firmware *
vivotek sd9364-ehl_firmware *
vivotek fd9189-h_firmware *
vivotek ms9390-hv_firmware *
vivotek it9389-ht_firmware *
vivotek fd9367-hv_firmware *
vivotek fd9181-ht_firmware *
vivotek ib9360-h_firmware *
vivotek md9560-dh_firmware *
vivotek ib836ba-eht_firmware *
vivotek fd836b-ehtv_firmware *
vivotek fd9387-htv-a_firmware *
vivotek fd9380-h_firmware *
vivotek fd9389-ehv_firmware *
vivotek fd836b-ehvf2_firmware *
vivotek ib836ba-hf3_firmware *
vivotek ib9387-eht_firmware *
vivotek cc8370-hv_firmware *
vivotek it9388-ht_firmware *
vivotek fd9171-ht_firmware *
vivotek ib9389-ht_firmware *
vivotek ib9368-ht_firmware *
vivotek ip9164-lpc_firmware *
vivotek ib9367-eht_firmware *
vivotek tb9331-e_firmware *
vivotek ib9388-ht_firmware *
vivotek sd9362-ehl_firmware *
vivotek fd9387-ehv_firmware *
vivotek ib9387-eh_firmware *
vivotek ib9367-h_firmware *
vivotek sd9161-h_firmware *
vivotek fd8167a_firmware *
vivotek ib8360_firmware *
vivotek ib836ba-ehf3_firmware *
vivotek fd8169a_firmware *
vivotek ib836b-hf3_firmware *
vivotek fd836b-hvf2_firmware *
vivotek fd836ba-ehtv_firmware *
vivotek sd9362-eh_firmware *
vivotek fd9381-(e)htv_firmware *
vivotek ib8377-ht_firmware *
vivotek ib9387-ht-a_firmware *
vivotek md8563-eh_firmware *
vivotek fd8379-hv_firmware *
vivotek fd9368-htv_firmware *
vivotek fd9387-ehtv_firmware *
vivotek fe9391-ev_firmware *
vivotek ip9181-h_firmware *
vivotek fd9389-hmv_firmware *
vivotek fe9180-h_firmware *
vivotek sd9364-ehl-v2_firmware *
vivotek ib836b-ht_firmware *
vivotek cc9381-hv_firmware *
vivotek ib8382-ef3_firmware *
vivotek fd836b-htv_firmware *
vivotek ib8367a_firmware *
vivotek ib9365-ht-a_firmware *
vivotek ib9365-ht_firmware *
vivotek ib8369a_firmware *
vivotek fe9382-ehv_firmware *
vivotek fd9365-ehtv_firmware *
vivotek ip9165-lpc_firmware *
vivotek fe9380-hv_firmware *
vivotek fe9191_firmware *
vivotek fd9367-htv_firmware *
vivotek ib836ba-ht_firmware *
vivotek ip9165-lpc(i-cs_kit)_firmware *
vivotek ip8160_firmware *
vivotek fd8382-vf2_firmware *
vivotek ib8360-w_firmware *
vivotek ib8382-et_firmware *
vivotek md8565-n_firmware *
vivotek ip9164-ht_firmware *
vivotek cc8160_firmware *
vivotek fd836ba-ehvf2_firmware *
vivotek fd8367a-v_firmware *
vivotek ib836b-hrf3_firmware *
vivotek fd9166-hn_firmware *
vivotek fd8177-h_firmware *
vivotek ip9165-ht_firmware *
vivotek ib9365-eht-a_firmware *
vivotek vc8101_firmware *
vivotek fe9181-h_firmware *
vivotek ib9367-eh_firmware *
vivotek ip9165-hp_firmware *
vivotek ib9389-eh_firmware *
vivotek ib8377-eht_firmware *
vivotek fd9189-hm_firmware *
vivotek sd9363-ehl_firmware *
vivotek fd9365-htv_firmware *
vivotek fd9391-ehtv_firmware *
vivotek cc8160(hs)_firmware *
vivotek fd9187-ht_firmware *
vivotek sd9362-eh-v2_firmware *
vivotek iz9361-eh_firmware *
vivotek sd9364-eh_firmware *
vivotek fd816b-hf2_firmware *
vivotek fd8369a-v_firmware *
vivotek it9380-h_firmware *
vivotek ip9167-ht_firmware *
vivotek fd8166a_firmware *
vivotek ip9172-lpc_firmware *
vivotek ib8377-h_firmware *
vivotek ib8379-h_firmware *
vivotek fd9371-(e)htv_firmware *
vivotek ib9387-ht_firmware *
vivotek fd9367-ehtv_firmware *
vivotek cd8371-hnvf2_firmware *
vivotek fd836ba-htv_firmware *
vivotek fd9365-ehtv-a_firmware *
vivotek fd816ba-hf2_firmware *
vivotek ip9167-hp_firmware *
vivotek ib9391-eht_firmware *
vivotek ma9322-ehtv_firmware *
vivotek fd9189-ht_firmware *
vivotek ib9371-(e)ht_firmware *
vivotek fd9366-hv_firmware *
vivotek fd8182-t_firmware *
vivotek md9561-h_firmware *
vivotek ib9389-hm_firmware *
vivotek cc8371-hv_firmware *
vivotek ms9321-ehv_firmware *
vivotek ib836b-eht_firmware *
vivotek fe9182-h_firmware *
vivotek fd8166a-n_firmware *
vivotek tb9330-e_firmware *
vivotek fd9389-ehtv_firmware *
vivotek ib9381-(e)ht_firmware *
vivotek fd816c-hf2_firmware *
vivotek md9581-h_firmware *
vivotek fd9165-ht_firmware *
vivotek ib8382-rf3_firmware *
vivotek sd9366-eh_firmware *
vivotek fd9187-ht-a_firmware *
vivotek fd8177-ht_firmware *
vivotek fd816ba-ht_firmware *
vivotek fd8377-htv_firmware *
vivotek fe8182_firmware *
vivotek ma9321-ehtv_firmware *
vivotek fd9367-htv(epoc)_firmware *
vivotek fd9387-htv_firmware *
vivotek fd816ca-hf2_firmware *
vivotek sd9361-ehl_firmware *
vivotek fd9387-ehtv-a_firmware *
vivotek fd8377-hv_firmware *
vivotek fd8366-v_firmware *
vivotek ib9389-ehm_firmware *
vivotek fd8169a-s_firmware *
vivotek ip9191-hp_firmware *
vivotek vs8100-v2_firmware *
vivotek ip8166_firmware *
vivotek fd9389-htv_firmware *
vivotek fd8382-etv_firmware *
vivotek sd9366-eh-v2_firmware *
vivotek sd9365-ehl_firmware *
vivotek fd9167-h_firmware *
vivotek fd9365-htv-a_firmware *
vivotek fd9365-htvl_firmware *
vivotek it9360-h_firmware *
vivotek sd9364-eh-v2_firmware *
vivotek ib9389-h_firmware *
vivotek fe9582-ehnv_firmware *
vivotek ib9365-eht_firmware *
vivotek fd9387-hv_firmware *
vivotek fd9389-ehmv_firmware *
vivotek ip9171-hp_firmware *
vivotek fd8182-f2_firmware *
vivotek fd9360-h_firmware *
vivotek ib8382-t_firmware *
vivotek md8563-deh_firmware *
vivotek fd8377-ehtv_firmware *
vivotek ip8160-w_firmware *
vivotek md9560-h_firmware *
vivotek fd8167a-s_firmware *
vivotek fd836ba-hvf2_firmware *
vivotek fd9187-h_firmware *
vivotek it9389-h_firmware *
vivotek fd8179-h_firmware *
vivotek fd9389-hv_firmware *
vivotek ib9367-ht_firmware *
vivotek ib9389-eht_firmware *
vivotek ip9191-ht_firmware *
vivotek ib9380-h_firmware *
vivotek sd9374-ehl(x)_firmware *
vivotek ib9387-h_firmware *
vivotek ib836b-ehf3_firmware *
vivotek ib9387-eht-a_firmware *
vivotek fd9165-ht-a_firmware *
vivotek cd8371-hntv_firmware *
vivotek md8564-eh_firmware *
vivotek ib8382-rt_firmware *
vivotek fd8382-evf2_firmware *
vivotek fd9167-ht_firmware *
vivotek fe9381-ehv_firmware *
vivotek sd9363-ehl-v2_firmware *
CVE-2024-26548

An issue in vivotek Network Camera v.FD8166A-VVTK-0204j allows a remote attacker to execute arbitrary code via a crafted payload to the upload_file.cgi component.

Products Affected

Vendor Product Version
vivotek camera_firmware v.fd8166a-vvtk-0204j
CVE-2025-66049

Vivotek IP7137 camera with firmware version 0200a is vulnerable to an information disclosure issue where live camera footage can be accessed through the RTSP protocol on port 8554 without requiring authentication. This allows unauthorized users with network access to view the camera's feed, potentially compromising user privacy and security.  The vendor has not replied to the CNA. Possibly all firmware versions are affected. Since the product has met End-Of-Life phase, a fix is not expected to be released.

Products Affected

Vendor Product Version
vivotek ip7137_firmware 0200a
CVE-2025-66050

Vivotek IP7137 camera with firmware version 0200a by default dos not require to provide any password when logging in as an administrator. While it is possible to set up such a password, a user is not informed about such a need. The vendor has not replied to the CNA. Possibly all firmware versions are affected. Since the product has met End-Of-Life phase, a fix is not expected to be released.

Products Affected

Vendor Product Version
vivotek ip7137_firmware 0200a
CVE-2025-66051

Vivotek IP7137 camera with firmware version 0200a is vulnerable to path traversal. It is possible for an authenticated attacker to access resources beyond webroot directory using a direct HTTP request. Due to CVE-2025-66050, a password for administration panel is not set by default. The vendor has not replied to the CNA. Possibly all firmware versions are affected. Since the product has met End-Of-Life phase, a fix is not expected to be released.

Products Affected

Vendor Product Version
vivotek ip7137_firmware 0200a
CVE-2025-66052

Vivotek IP7137 camera with firmware version 0200a is vulnerable to command injection. Parameter "system_ntpIt" used by "/cgi-bin/admin/setparam.cgi" endpoint is not sanitized properly, allowing a user with administrative privileges to perform an attack. Due to CVE-2025-66050, administrative access is not protected by default,  The vendor has not replied to the CNA Possibly all firmware versions are affected. Since the product has met End-Of-Life phase, a fix is not expected to be released.

Products Affected

Vendor Product Version
vivotek ip7137_firmware 0200a