Search criteria
18 vulnerabilities by Vivotek
CVE-2025-66052 (GCVE-0-2025-66052)
Vulnerability from cvelistv5 – Published: 2026-01-09 11:54 – Updated: 2026-01-09 12:51 Unsupported When Assigned
VLAI?
Title
Command injection in Vivotek IP7137 cameras
Summary
Vivotek IP7137 camera with firmware version 0200a is vulnerable to command injection. Parameter "system_ntpIt" used by "/cgi-bin/admin/setparam.cgi" endpoint is not sanitized properly, allowing a user with administrative privileges to perform an attack. Due to CVE-2025-66050, administrative access is not protected by default,
The vendor has not replied to the CNA Possibly all firmware versions are affected. Since the product has met End-Of-Life phase, a fix is not expected to be released.
Severity ?
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Credits
Szymon Paszun
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-66052",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-09T12:50:56.686031Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-09T12:51:10.558Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "IP7137",
"vendor": "Vivotek",
"versions": [
{
"status": "affected",
"version": "0200a",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Szymon Paszun"
}
],
"datePublic": "2026-01-09T11:50:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Vivotek IP7137 camera with firmware version 0200a is vulnerable to command injection. Parameter \"system_ntpIt\" used by \"/cgi-bin/admin/setparam.cgi\" endpoint is not sanitized properly, allowing a user with administrative privileges to perform an attack. Due to CVE-2025-66050, administrative access is not protected by default,\u0026nbsp;\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThe vendor has not replied to the CNA Possibly all firmware versions are affected. \u003c/span\u003eSince the product has met End-Of-Life phase, a fix is not expected to be released."
}
],
"value": "Vivotek IP7137 camera with firmware version 0200a is vulnerable to command injection. Parameter \"system_ntpIt\" used by \"/cgi-bin/admin/setparam.cgi\" endpoint is not sanitized properly, allowing a user with administrative privileges to perform an attack. Due to CVE-2025-66050, administrative access is not protected by default,\u00a0\nThe vendor has not replied to the CNA Possibly all firmware versions are affected. Since the product has met End-Of-Life phase, a fix is not expected to be released."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-09T11:54:16.626Z",
"orgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6",
"shortName": "CERT-PL"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://cert.pl/posts/2026/01/CVE-2025-66049"
}
],
"source": {
"discovery": "EXTERNAL"
},
"tags": [
"unsupported-when-assigned"
],
"title": "Command injection in Vivotek IP7137 cameras",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6",
"assignerShortName": "CERT-PL",
"cveId": "CVE-2025-66052",
"datePublished": "2026-01-09T11:54:16.626Z",
"dateReserved": "2025-11-21T10:41:30.020Z",
"dateUpdated": "2026-01-09T12:51:10.558Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-66051 (GCVE-0-2025-66051)
Vulnerability from cvelistv5 – Published: 2026-01-09 11:54 – Updated: 2026-01-09 14:07 Unsupported When Assigned
VLAI?
Title
Path traversal in Vivotek IP7137 cameras
Summary
Vivotek IP7137 camera with firmware version 0200a is vulnerable to path traversal. It is possible for an authenticated attacker to access resources beyond webroot directory using a direct HTTP request. Due to CVE-2025-66050, a password for administration panel is not set by default.
The vendor has not replied to the CNA. Possibly all firmware versions are affected. Since the product has met End-Of-Life phase, a fix is not expected to be released.
Severity ?
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Credits
Szymon Paszun
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-66051",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-09T14:06:46.935487Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-09T14:07:13.457Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "IP7137",
"vendor": "Vivotek",
"versions": [
{
"status": "affected",
"version": "0200a",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Szymon Paszun"
}
],
"datePublic": "2026-01-09T11:22:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(252, 252, 252);\"\u003eVivotek IP7137 camera with firmware version 0200a is vulnerable to path traversal. I\u003cspan style=\"background-color: rgb(252, 252, 252);\"\u003et is possible for an authenticated attacker to access resources beyond webroot directory using a\u0026nbsp;\u003c/span\u003edirect HTTP request. Due to\u0026nbsp;CVE-2025-66050, a password for administration panel is not set \u003cspan style=\"background-color: rgb(252, 252, 252);\"\u003eby default\u003c/span\u003e.\u003cbr\u003e\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThe vendor has not replied to the CNA. Possibly all firmware versions are affected. \u003c/span\u003eSince the product has met End-Of-Life phase, a fix is not expected to be released. \u003cbr\u003e\u003cbr\u003e"
}
],
"value": "Vivotek IP7137 camera with firmware version 0200a is vulnerable to path traversal. It is possible for an authenticated attacker to access resources beyond webroot directory using a\u00a0direct HTTP request. Due to\u00a0CVE-2025-66050, a password for administration panel is not set by default.\nThe vendor has not replied to the CNA. Possibly all firmware versions are affected. Since the product has met End-Of-Life phase, a fix is not expected to be released."
}
],
"impacts": [
{
"capecId": "CAPEC-139",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-139 Relative Path Traversal"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-09T11:54:09.170Z",
"orgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6",
"shortName": "CERT-PL"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://cert.pl/posts/2026/01/CVE-2025-66049"
}
],
"source": {
"discovery": "EXTERNAL"
},
"tags": [
"unsupported-when-assigned"
],
"title": "Path traversal in Vivotek IP7137 cameras",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6",
"assignerShortName": "CERT-PL",
"cveId": "CVE-2025-66051",
"datePublished": "2026-01-09T11:54:09.170Z",
"dateReserved": "2025-11-21T10:41:30.020Z",
"dateUpdated": "2026-01-09T14:07:13.457Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-66050 (GCVE-0-2025-66050)
Vulnerability from cvelistv5 – Published: 2026-01-09 11:53 – Updated: 2026-01-09 14:08 Unsupported When Assigned
VLAI?
Title
No password set for administrative account in Vivotek IP7137 cameras
Summary
Vivotek IP7137 camera with firmware version 0200a by default dos not require to provide any password when logging in as an administrator. While it is possible to set up such a password, a user is not informed about such a need.
The vendor has not replied to the CNA. Possibly all firmware versions are affected. Since the product has met End-Of-Life phase, a fix is not expected to be released.
Severity ?
CWE
- CWE-1393 - Use of Default Password
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Credits
Szymon Paszun
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-66050",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-09T14:07:49.180246Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-09T14:08:08.233Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "IP7137",
"vendor": "Vivotek",
"versions": [
{
"status": "affected",
"version": "0200a",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Szymon Paszun"
}
],
"datePublic": "2026-01-09T11:50:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(252, 252, 252);\"\u003eVivotek IP7137 camera with firmware version 0200a by default dos not require to provide any password when logging in as an administrator. While it is possible to set up such a password, a user is not informed about such a need.\u003cbr\u003e\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThe vendor has not replied to the CNA. Possibly all firmware versions are affected. \u003c/span\u003eSince the product has met End-Of-Life phase, a fix is not expected to be released. \u003cbr\u003e"
}
],
"value": "Vivotek IP7137 camera with firmware version 0200a by default dos not require to provide any password when logging in as an administrator. While it is possible to set up such a password, a user is not informed about such a need.\nThe vendor has not replied to the CNA. Possibly all firmware versions are affected. Since the product has met End-Of-Life phase, a fix is not expected to be released."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1393",
"description": "CWE-1393 Use of Default Password",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-09T11:53:45.338Z",
"orgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6",
"shortName": "CERT-PL"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://cert.pl/posts/2026/01/CVE-2025-66049"
}
],
"source": {
"discovery": "EXTERNAL"
},
"tags": [
"unsupported-when-assigned"
],
"title": "No password set for administrative account in Vivotek IP7137 cameras",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6",
"assignerShortName": "CERT-PL",
"cveId": "CVE-2025-66050",
"datePublished": "2026-01-09T11:53:45.338Z",
"dateReserved": "2025-11-21T10:41:30.020Z",
"dateUpdated": "2026-01-09T14:08:08.233Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-66049 (GCVE-0-2025-66049)
Vulnerability from cvelistv5 – Published: 2026-01-09 11:53 – Updated: 2026-01-09 16:22 Unsupported When Assigned
VLAI?
Title
Unprotected RTSP stream in Vivotek IP7137 cameras
Summary
Vivotek IP7137 camera with firmware version 0200a is vulnerable to an information disclosure issue where live camera footage can be accessed through the RTSP protocol on port 8554 without requiring authentication. This allows unauthorized users with network access to view the camera's feed, potentially compromising user privacy and security.
The vendor has not replied to the CNA. Possibly all firmware versions are affected. Since the product has met End-Of-Life phase, a fix is not expected to be released.
Severity ?
CWE
- CWE-306 - Missing Authentication for Critical Function
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Credits
Szymon Paszun
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-66049",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-09T16:22:03.331793Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-09T16:22:19.535Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "IP7137",
"vendor": "Vivotek",
"versions": [
{
"status": "affected",
"version": "0200a",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Szymon Paszun"
}
],
"datePublic": "2026-01-09T11:50:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(252, 252, 252);\"\u003eVivotek\u0026nbsp;IP7137\u0026nbsp;camera with firmware version\u0026nbsp;0200a is vulnerable to an information disclosure issue where live camera footage can be accessed through the RTSP protocol on port 8554 without requiring authentication. This allows unauthorized users with network access to view the camera\u0027s feed, potentially compromising user privacy and security.\u0026nbsp;\u003cbr\u003e\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThe vendor has not replied to the CNA. Possibly all firmware versions are affected.\u0026nbsp;\u003c/span\u003eSince the product has met End-Of-Life phase, a fix is not expected to be released.\u0026nbsp;"
}
],
"value": "Vivotek\u00a0IP7137\u00a0camera with firmware version\u00a00200a is vulnerable to an information disclosure issue where live camera footage can be accessed through the RTSP protocol on port 8554 without requiring authentication. This allows unauthorized users with network access to view the camera\u0027s feed, potentially compromising user privacy and security.\u00a0\nThe vendor has not replied to the CNA. Possibly all firmware versions are affected.\u00a0Since the product has met End-Of-Life phase, a fix is not expected to be released."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306 Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-09T11:53:41.060Z",
"orgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6",
"shortName": "CERT-PL"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://cert.pl/posts/2026/01/CVE-2025-66049"
}
],
"source": {
"discovery": "EXTERNAL"
},
"tags": [
"unsupported-when-assigned"
],
"title": "Unprotected RTSP stream in Vivotek\u00a0IP7137 cameras",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6",
"assignerShortName": "CERT-PL",
"cveId": "CVE-2025-66049",
"datePublished": "2026-01-09T11:53:41.060Z",
"dateReserved": "2025-11-21T10:41:30.019Z",
"dateUpdated": "2026-01-09T16:22:19.535Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-12592 (GCVE-0-2025-12592)
Vulnerability from cvelistv5 – Published: 2025-11-19 12:30 – Updated: 2025-11-19 16:07
VLAI?
Title
Use of default login credentials in Legacy Vivotek Devices
Summary
Legacy Vivotek Device firmware uses default credetials for the root and user login accounts.
Severity ?
CWE
- CWE-1392 - CWE-1392: Use of Default Credentials
Assigner
References
Impacted products
Credits
Larry W. Cashdollar
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-12592",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-19T16:07:31.532330Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-19T16:07:56.677Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://ftpmirror.your.org/pub/misc/ftp.vivotek.com/Firmware/",
"defaultStatus": "unaffected",
"modules": [
"Firmware"
],
"product": "Affected device model numbers are FD7131-VVTK,FD7131-VVTK,FD7131-VVTK,FD7141-VVTK,IP7131-VVTK,IP7133-VVTK,IP7133-VVTK,IP7133-VVTK,IP7134-VVTK,IP7135-VVTK,IP7135-VVTK,IP7135-VVTK,IP7135-VVTK,IP7137-VVTK,IP7137-VVTK,IP7137-VVTK,IP7137-VVTK,IP7137-VVTK,IP7137-VVTK,IP7138-VVTK,IP7142-VVTK,IP7142-VVTK,IP7151-VVTK,IP7152-VVTK,IP7153-VVTK,IP7153-VVTK,IP7154-VVTK,IP7330-VVTK,IP7330-VVTK,IP7330-VVTK,IP8131-VVTK,IP8131-VVTK,IP8131-VVTK,IP8131W-VVTK,PT7135-VVTK,PT7137-TCON,PT7137-VVTK,PT7137-VVTK,PT7137-VVTK,PT7137-VVTK,PZ7131-VVTK,PZ7131-VVTK,PZ71X1-VVTK,PZ71X1-VVTK,PZ71X2-VVTK,SD73X3-VVTK,SD73X3-VVTK,SD73X3-VVTK,TC5330-VVTK,TC5332-TCVV,TC5333-TCVV,TC5633-TCVV,TC5633-VVTK,VS7100-VVTK,VS7100-VVTK,VS7100-VVTK",
"vendor": "Vivotek",
"versions": [
{
"status": "affected",
"version": "0100b",
"versionType": "custom"
},
{
"status": "affected",
"version": "0100e"
},
{
"status": "affected",
"version": "0100e1"
},
{
"status": "affected",
"version": "0100e2"
},
{
"status": "affected",
"version": "0100f"
},
{
"status": "affected",
"version": "0100g"
},
{
"status": "affected",
"version": "0100i"
},
{
"status": "affected",
"version": "0101c"
},
{
"status": "affected",
"version": "0103c"
},
{
"status": "affected",
"version": "0199z"
},
{
"status": "affected",
"version": "0200a"
},
{
"status": "affected",
"version": "0200b"
},
{
"status": "affected",
"version": "0200c"
},
{
"status": "affected",
"version": "0200g"
},
{
"status": "affected",
"version": "0201a"
},
{
"status": "affected",
"version": "0201a1"
},
{
"status": "affected",
"version": "0201c"
},
{
"status": "affected",
"version": "0201k"
},
{
"status": "affected",
"version": "0202a"
},
{
"status": "affected",
"version": "0202b"
},
{
"status": "affected",
"version": "0203a"
},
{
"status": "affected",
"version": "0300a"
},
{
"status": "affected",
"version": "0300b"
},
{
"status": "affected",
"version": "0301b3"
},
{
"status": "affected",
"version": "0302a"
},
{
"status": "affected",
"version": "0302c"
},
{
"status": "affected",
"version": "0400a"
},
{
"status": "affected",
"version": "0400b"
},
{
"status": "affected",
"version": "0401a"
},
{
"status": "affected",
"version": "0500a"
},
{
"status": "affected",
"version": "0500b"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Larry W. Cashdollar"
}
],
"datePublic": "2025-11-02T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Legacy Vivotek Device firmware uses default credetials for the root and user login accounts."
}
],
"value": "Legacy Vivotek Device firmware uses default credetials for the root and user login accounts."
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Public"
}
],
"value": "Public"
}
],
"impacts": [
{
"capecId": "CAPEC-70",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-70 Try Common or Default Usernames and Passwords"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "YES",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"exploitMaturity": "PROOF_OF_CONCEPT",
"privilegesRequired": "NONE",
"providerUrgency": "RED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:P/AU:Y/U:Red",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1392",
"description": "CWE-1392 CWE-1392: Use of Default Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-19T12:30:32.854Z",
"orgId": "461b2335-328f-427d-ae3d-eff7d6814455",
"shortName": "larry_cashdollar"
},
"references": [
{
"url": "https://www.akamai.com/blog/security-research/rce-zero-day-in-legacy-vivotek-firmware"
},
{
"url": "http://www.vapidlabs.com/advisory.php?v=219"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Use of default login credentials in Legacy Vivotek Devices",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "461b2335-328f-427d-ae3d-eff7d6814455",
"assignerShortName": "larry_cashdollar",
"cveId": "CVE-2025-12592",
"datePublished": "2025-11-19T12:30:32.854Z",
"dateReserved": "2025-11-01T12:15:08.915Z",
"dateUpdated": "2025-11-19T16:07:56.677Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-3403 (GCVE-0-2025-3403)
Vulnerability from cvelistv5 – Published: 2025-04-08 03:00 – Updated: 2025-04-08 18:24
VLAI?
Title
Vivotek NVR ND8422P/NVR ND9525P/NVR ND9541P HTML Form sensitive information in source
Summary
A vulnerability was found in Vivotek NVR ND8422P, NVR ND9525P and NVR ND9541P 2.4.0.204/3.3.0.104/4.2.0.101. It has been classified as problematic. Affected is an unknown function of the component HTML Form Handler. The manipulation leads to inclusion of sensitive information in source code. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity ?
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Vivotek | NVR ND8422P |
Affected:
2.4.0.204
Affected: 3.3.0.104 Affected: 4.2.0.101 |
||||||||||||
|
||||||||||||||
Credits
Syrtain (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-3403",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-08T15:46:08.310718Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-08T18:24:22.074Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/lfparizzi/CVE-VIVOTEK-ID/blob/main/README.md"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"HTML Form Handler"
],
"product": "NVR ND8422P",
"vendor": "Vivotek",
"versions": [
{
"status": "affected",
"version": "2.4.0.204"
},
{
"status": "affected",
"version": "3.3.0.104"
},
{
"status": "affected",
"version": "4.2.0.101"
}
]
},
{
"modules": [
"HTML Form Handler"
],
"product": "NVR ND9525P",
"vendor": "Vivotek",
"versions": [
{
"status": "affected",
"version": "2.4.0.204"
},
{
"status": "affected",
"version": "3.3.0.104"
},
{
"status": "affected",
"version": "4.2.0.101"
}
]
},
{
"modules": [
"HTML Form Handler"
],
"product": "NVR ND9541P",
"vendor": "Vivotek",
"versions": [
{
"status": "affected",
"version": "2.4.0.204"
},
{
"status": "affected",
"version": "3.3.0.104"
},
{
"status": "affected",
"version": "4.2.0.101"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Syrtain (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Vivotek NVR ND8422P, NVR ND9525P and NVR ND9541P 2.4.0.204/3.3.0.104/4.2.0.101. It has been classified as problematic. Affected is an unknown function of the component HTML Form Handler. The manipulation leads to inclusion of sensitive information in source code. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "Es wurde eine problematische Schwachstelle in Vivotek NVR ND8422P, NVR ND9525P and NVR ND9541P 2.4.0.204/3.3.0.104/4.2.0.101 ausgemacht. Dabei betrifft es einen unbekannter Codeteil der Komponente HTML Form Handler. Durch Manipulation mit unbekannten Daten kann eine inclusion of sensitive information in source code-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 2.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 2.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 3.3,
"vectorString": "AV:N/AC:L/Au:M/C:P/I:N/A:N",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-540",
"description": "Inclusion of Sensitive Information in Source Code",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "Information Disclosure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-08T03:00:11.278Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-303648 | Vivotek NVR ND8422P/NVR ND9525P/NVR ND9541P HTML Form sensitive information in source",
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/?id.303648"
},
{
"name": "VDB-303648 | CTI Indicators (IOB, IOC, TTP)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.303648"
},
{
"name": "Submit #543589 | VIVOTEK NVR Core + 4.2.0.101 and below Cleartext Storage of Sensitive Information in GUI",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.543589"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/lfparizzi/CVE-VIVOTEK-ID/blob/main/README.md"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-04-07T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-04-07T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-04-07T12:27:05.000Z",
"value": "VulDB entry last update"
}
],
"title": "Vivotek NVR ND8422P/NVR ND9525P/NVR ND9541P HTML Form sensitive information in source"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-3403",
"datePublished": "2025-04-08T03:00:11.278Z",
"dateReserved": "2025-04-07T10:22:01.598Z",
"dateUpdated": "2025-04-08T18:24:22.074Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-14458 (GCVE-0-2019-14458)
Vulnerability from cvelistv5 – Published: 2019-09-18 17:42 – Updated: 2024-08-05 00:19
VLAI?
Summary
VIVOTEK IP Camera devices with firmware before 0x20x allow a denial of service via a crafted HTTP header.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:19:41.122Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.vivotek.com/cybersecurity"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://download.vivotek.com/downloadfile/support/cyber-security/vvtk-sa-2019-002-v1.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "VIVOTEK IP Camera devices with firmware before 0x20x allow a denial of service via a crafted HTTP header."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-09-18T17:42:25",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.vivotek.com/cybersecurity"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://download.vivotek.com/downloadfile/support/cyber-security/vvtk-sa-2019-002-v1.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-14458",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "VIVOTEK IP Camera devices with firmware before 0x20x allow a denial of service via a crafted HTTP header."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.vivotek.com/cybersecurity",
"refsource": "MISC",
"url": "https://www.vivotek.com/cybersecurity"
},
{
"name": "http://download.vivotek.com/downloadfile/support/cyber-security/vvtk-sa-2019-002-v1.pdf",
"refsource": "CONFIRM",
"url": "http://download.vivotek.com/downloadfile/support/cyber-security/vvtk-sa-2019-002-v1.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-14458",
"datePublished": "2019-09-18T17:42:08",
"dateReserved": "2019-07-31T00:00:00",
"dateUpdated": "2024-08-05T00:19:41.122Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-10256 (GCVE-0-2019-10256)
Vulnerability from cvelistv5 – Published: 2019-09-10 18:02 – Updated: 2024-08-04 22:17
VLAI?
Summary
An authentication bypass vulnerability in VIVOTEK IPCam versions prior to 0x13a was found.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:17:19.660Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.vivotek.com/cybersecurity"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://download.vivotek.com/downloadfile/support/cyber-security/vvtk-sa-2019-001-v1.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An authentication bypass vulnerability in VIVOTEK IPCam versions prior to 0x13a was found."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-09-10T18:02:45",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.vivotek.com/cybersecurity"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://download.vivotek.com/downloadfile/support/cyber-security/vvtk-sa-2019-001-v1.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-10256",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An authentication bypass vulnerability in VIVOTEK IPCam versions prior to 0x13a was found."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.vivotek.com/cybersecurity",
"refsource": "MISC",
"url": "https://www.vivotek.com/cybersecurity"
},
{
"name": "http://download.vivotek.com/downloadfile/support/cyber-security/vvtk-sa-2019-001-v1.pdf",
"refsource": "CONFIRM",
"url": "http://download.vivotek.com/downloadfile/support/cyber-security/vvtk-sa-2019-001-v1.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-10256",
"datePublished": "2019-09-10T18:02:45",
"dateReserved": "2019-03-28T00:00:00",
"dateUpdated": "2024-08-04T22:17:19.660Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-14457 (GCVE-0-2019-14457)
Vulnerability from cvelistv5 – Published: 2019-09-10 17:48 – Updated: 2024-08-05 00:19
VLAI?
Summary
VIVOTEK IP Camera devices with firmware before 0x20x have a stack-based buffer overflow via a crafted HTTP header.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:19:41.197Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://download.vivotek.com/downloadfile/support/cyber-security/vvtk-sa-2019-002-v1.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "VIVOTEK IP Camera devices with firmware before 0x20x have a stack-based buffer overflow via a crafted HTTP header."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-09-10T17:48:48",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://download.vivotek.com/downloadfile/support/cyber-security/vvtk-sa-2019-002-v1.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-14457",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "VIVOTEK IP Camera devices with firmware before 0x20x have a stack-based buffer overflow via a crafted HTTP header."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://download.vivotek.com/downloadfile/support/cyber-security/vvtk-sa-2019-002-v1.pdf",
"refsource": "CONFIRM",
"url": "http://download.vivotek.com/downloadfile/support/cyber-security/vvtk-sa-2019-002-v1.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-14457",
"datePublished": "2019-09-10T17:48:48",
"dateReserved": "2019-07-31T00:00:00",
"dateUpdated": "2024-08-05T00:19:41.197Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-18244 (GCVE-0-2018-18244)
Vulnerability from cvelistv5 – Published: 2019-01-03 20:00 – Updated: 2024-08-05 11:01
VLAI?
Summary
Cross-site scripting in syslog.html in VIVOTEK Network Camera Series products with firmware 0x06x to 0x08x allows remote attackers to execute arbitrary JavaScript code via an HTTP Referer Header.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:01:14.929Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://blog.securityevaluators.com/vivotek-ip-camera-vulnerabilities-discovered-and-exploited-2e2531ecd244"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://download.vivotek.com/downloadfile/support/cyber-security/vvtk-sa-2018-006-v1.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-12-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting in syslog.html in VIVOTEK Network Camera Series products with firmware 0x06x to 0x08x allows remote attackers to execute arbitrary JavaScript code via an HTTP Referer Header."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-01-03T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://blog.securityevaluators.com/vivotek-ip-camera-vulnerabilities-discovered-and-exploited-2e2531ecd244"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://download.vivotek.com/downloadfile/support/cyber-security/vvtk-sa-2018-006-v1.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-18244",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting in syslog.html in VIVOTEK Network Camera Series products with firmware 0x06x to 0x08x allows remote attackers to execute arbitrary JavaScript code via an HTTP Referer Header."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://blog.securityevaluators.com/vivotek-ip-camera-vulnerabilities-discovered-and-exploited-2e2531ecd244",
"refsource": "MISC",
"url": "https://blog.securityevaluators.com/vivotek-ip-camera-vulnerabilities-discovered-and-exploited-2e2531ecd244"
},
{
"name": "http://download.vivotek.com/downloadfile/support/cyber-security/vvtk-sa-2018-006-v1.pdf",
"refsource": "CONFIRM",
"url": "http://download.vivotek.com/downloadfile/support/cyber-security/vvtk-sa-2018-006-v1.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-18244",
"datePublished": "2019-01-03T20:00:00",
"dateReserved": "2018-10-11T00:00:00",
"dateUpdated": "2024-08-05T11:01:14.929Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-18004 (GCVE-0-2018-18004)
Vulnerability from cvelistv5 – Published: 2019-01-03 20:00 – Updated: 2024-08-05 11:01
VLAI?
Summary
Incorrect Access Control in mod_inetd.cgi in VIVOTEK Network Camera Series products with firmware before XXXXXX-VVTK-0X09a allows remote attackers to enable arbitrary system services via a URL parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:01:14.848Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://blog.securityevaluators.com/vivotek-ip-camera-vulnerabilities-discovered-and-exploited-2e2531ecd244"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://download.vivotek.com/downloadfile/support/cyber-security/vvtk-sa-2018-006-v1.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-12-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Incorrect Access Control in mod_inetd.cgi in VIVOTEK Network Camera Series products with firmware before XXXXXX-VVTK-0X09a allows remote attackers to enable arbitrary system services via a URL parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-01-03T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://blog.securityevaluators.com/vivotek-ip-camera-vulnerabilities-discovered-and-exploited-2e2531ecd244"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://download.vivotek.com/downloadfile/support/cyber-security/vvtk-sa-2018-006-v1.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-18004",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Incorrect Access Control in mod_inetd.cgi in VIVOTEK Network Camera Series products with firmware before XXXXXX-VVTK-0X09a allows remote attackers to enable arbitrary system services via a URL parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://blog.securityevaluators.com/vivotek-ip-camera-vulnerabilities-discovered-and-exploited-2e2531ecd244",
"refsource": "MISC",
"url": "https://blog.securityevaluators.com/vivotek-ip-camera-vulnerabilities-discovered-and-exploited-2e2531ecd244"
},
{
"name": "http://download.vivotek.com/downloadfile/support/cyber-security/vvtk-sa-2018-006-v1.pdf",
"refsource": "CONFIRM",
"url": "http://download.vivotek.com/downloadfile/support/cyber-security/vvtk-sa-2018-006-v1.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-18004",
"datePublished": "2019-01-03T20:00:00",
"dateReserved": "2018-10-05T00:00:00",
"dateUpdated": "2024-08-05T11:01:14.848Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-18005 (GCVE-0-2018-18005)
Vulnerability from cvelistv5 – Published: 2019-01-03 20:00 – Updated: 2024-08-05 11:01
VLAI?
Summary
Cross-site scripting in event_script.js in VIVOTEK Network Camera Series products with firmware 0x06x to 0x08x allows remote attackers to execute arbitrary JavaScript via a URL query string parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:01:14.781Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://blog.securityevaluators.com/vivotek-ip-camera-vulnerabilities-discovered-and-exploited-2e2531ecd244"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://download.vivotek.com/downloadfile/support/cyber-security/vvtk-sa-2018-006-v1.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-12-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting in event_script.js in VIVOTEK Network Camera Series products with firmware 0x06x to 0x08x allows remote attackers to execute arbitrary JavaScript via a URL query string parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-01-03T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://blog.securityevaluators.com/vivotek-ip-camera-vulnerabilities-discovered-and-exploited-2e2531ecd244"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://download.vivotek.com/downloadfile/support/cyber-security/vvtk-sa-2018-006-v1.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-18005",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting in event_script.js in VIVOTEK Network Camera Series products with firmware 0x06x to 0x08x allows remote attackers to execute arbitrary JavaScript via a URL query string parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://blog.securityevaluators.com/vivotek-ip-camera-vulnerabilities-discovered-and-exploited-2e2531ecd244",
"refsource": "MISC",
"url": "https://blog.securityevaluators.com/vivotek-ip-camera-vulnerabilities-discovered-and-exploited-2e2531ecd244"
},
{
"name": "http://download.vivotek.com/downloadfile/support/cyber-security/vvtk-sa-2018-006-v1.pdf",
"refsource": "CONFIRM",
"url": "http://download.vivotek.com/downloadfile/support/cyber-security/vvtk-sa-2018-006-v1.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-18005",
"datePublished": "2019-01-03T20:00:00",
"dateReserved": "2018-10-05T00:00:00",
"dateUpdated": "2024-08-05T11:01:14.781Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-14771 (GCVE-0-2018-14771)
Vulnerability from cvelistv5 – Published: 2018-09-05 21:00 – Updated: 2024-08-05 09:38
VLAI?
Summary
VIVOTEK FD8177 devices before XXXXXX-VVTK-xx06a allow remote attackers to execute arbitrary code (issue 2 of 2) via eventscript.cgi.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T09:38:13.955Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.vivotek.com/website/support/cybersecurity/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://download.vivotek.com/downloadfile/support/cyber-security/vvtk-sa-2018-003-v1.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-08-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "VIVOTEK FD8177 devices before XXXXXX-VVTK-xx06a allow remote attackers to execute arbitrary code (issue 2 of 2) via eventscript.cgi."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-09-05T21:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.vivotek.com/website/support/cybersecurity/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://download.vivotek.com/downloadfile/support/cyber-security/vvtk-sa-2018-003-v1.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-14771",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "VIVOTEK FD8177 devices before XXXXXX-VVTK-xx06a allow remote attackers to execute arbitrary code (issue 2 of 2) via eventscript.cgi."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.vivotek.com/website/support/cybersecurity/",
"refsource": "MISC",
"url": "https://www.vivotek.com/website/support/cybersecurity/"
},
{
"name": "http://download.vivotek.com/downloadfile/support/cyber-security/vvtk-sa-2018-003-v1.pdf",
"refsource": "CONFIRM",
"url": "http://download.vivotek.com/downloadfile/support/cyber-security/vvtk-sa-2018-003-v1.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-14771",
"datePublished": "2018-09-05T21:00:00",
"dateReserved": "2018-07-31T00:00:00",
"dateUpdated": "2024-08-05T09:38:13.955Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-14769 (GCVE-0-2018-14769)
Vulnerability from cvelistv5 – Published: 2018-09-05 21:00 – Updated: 2024-08-05 09:38
VLAI?
Summary
VIVOTEK FD8177 devices before XXXXXX-VVTK-xx06a allow CSRF.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T09:38:13.671Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://download.vivotek.com/downloadfile/support/cyber-security/vvtk-sa-2018-004-v1.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.vivotek.com/website/support/cybersecurity"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-08-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "VIVOTEK FD8177 devices before XXXXXX-VVTK-xx06a allow CSRF."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-09-05T21:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://download.vivotek.com/downloadfile/support/cyber-security/vvtk-sa-2018-004-v1.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.vivotek.com/website/support/cybersecurity"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-14769",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "VIVOTEK FD8177 devices before XXXXXX-VVTK-xx06a allow CSRF."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://download.vivotek.com/downloadfile/support/cyber-security/vvtk-sa-2018-004-v1.pdf",
"refsource": "CONFIRM",
"url": "http://download.vivotek.com/downloadfile/support/cyber-security/vvtk-sa-2018-004-v1.pdf"
},
{
"name": "https://www.vivotek.com/website/support/cybersecurity",
"refsource": "MISC",
"url": "https://www.vivotek.com/website/support/cybersecurity"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-14769",
"datePublished": "2018-09-05T21:00:00",
"dateReserved": "2018-07-31T00:00:00",
"dateUpdated": "2024-08-05T09:38:13.671Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-14770 (GCVE-0-2018-14770)
Vulnerability from cvelistv5 – Published: 2018-09-05 21:00 – Updated: 2024-08-05 09:38
VLAI?
Summary
VIVOTEK FD8177 devices before XXXXXX-VVTK-xx06a allow remote attackers to execute arbitrary code (issue 1 of 2) via the ONVIF interface, (/onvif/device_service).
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T09:38:13.731Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.vivotek.com/website/support/cybersecurity/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://download.vivotek.com/downloadfile/support/cyber-security/vvtk-sa-2018-003-v1.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-08-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "VIVOTEK FD8177 devices before XXXXXX-VVTK-xx06a allow remote attackers to execute arbitrary code (issue 1 of 2) via the ONVIF interface, (/onvif/device_service)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-09-05T21:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.vivotek.com/website/support/cybersecurity/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://download.vivotek.com/downloadfile/support/cyber-security/vvtk-sa-2018-003-v1.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-14770",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "VIVOTEK FD8177 devices before XXXXXX-VVTK-xx06a allow remote attackers to execute arbitrary code (issue 1 of 2) via the ONVIF interface, (/onvif/device_service)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.vivotek.com/website/support/cybersecurity/",
"refsource": "MISC",
"url": "https://www.vivotek.com/website/support/cybersecurity/"
},
{
"name": "http://download.vivotek.com/downloadfile/support/cyber-security/vvtk-sa-2018-003-v1.pdf",
"refsource": "CONFIRM",
"url": "http://download.vivotek.com/downloadfile/support/cyber-security/vvtk-sa-2018-003-v1.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-14770",
"datePublished": "2018-09-05T21:00:00",
"dateReserved": "2018-07-31T00:00:00",
"dateUpdated": "2024-08-05T09:38:13.731Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-14768 (GCVE-0-2018-14768)
Vulnerability from cvelistv5 – Published: 2018-08-29 19:00 – Updated: 2024-08-05 09:38
VLAI?
Summary
Various VIVOTEK FD8*, FD9*, FE9*, IB8*, IB9*, IP9*, IZ9*, MS9*, SD9*, and other devices before XXXXXX-VVTK-xx06a allow remote attackers to execute arbitrary code.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T09:38:13.418Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://download.vivotek.com/downloadfile/support/cyber-security/vvtk-sa-2018-003-v1.pdf"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.vivotek.com/website/support/cybersecurity/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-08-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Various VIVOTEK FD8*, FD9*, FE9*, IB8*, IB9*, IP9*, IZ9*, MS9*, SD9*, and other devices before XXXXXX-VVTK-xx06a allow remote attackers to execute arbitrary code."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-08-29T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://download.vivotek.com/downloadfile/support/cyber-security/vvtk-sa-2018-003-v1.pdf"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.vivotek.com/website/support/cybersecurity/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-14768",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Various VIVOTEK FD8*, FD9*, FE9*, IB8*, IB9*, IP9*, IZ9*, MS9*, SD9*, and other devices before XXXXXX-VVTK-xx06a allow remote attackers to execute arbitrary code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://download.vivotek.com/downloadfile/support/cyber-security/vvtk-sa-2018-003-v1.pdf",
"refsource": "CONFIRM",
"url": "http://download.vivotek.com/downloadfile/support/cyber-security/vvtk-sa-2018-003-v1.pdf"
},
{
"name": "https://www.vivotek.com/website/support/cybersecurity/",
"refsource": "CONFIRM",
"url": "https://www.vivotek.com/website/support/cybersecurity/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-14768",
"datePublished": "2018-08-29T19:00:00",
"dateReserved": "2018-07-31T00:00:00",
"dateUpdated": "2024-08-05T09:38:13.418Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-4771 (GCVE-0-2008-4771)
Vulnerability from cvelistv5 – Published: 2008-10-28 18:00 – Updated: 2024-08-07 10:31
VLAI?
Summary
Stack-based buffer overflow in VATDecoder.VatCtrl.1 ActiveX control in (1) 4xem VatCtrl Class (VATDecoder.dll 1.0.0.27 and 1.0.0.51), (2) D-Link MPEG4 SHM Audio Control (VAPGDecoder.dll 1.7.0.5), (3) Vivotek RTSP MPEG4 SP Control (RtspVapgDecoderNew.dll 2.0.0.39), and possibly other products, allows remote attackers to execute arbitrary code via a long Url property. NOTE: some of these details are obtained from third party information.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:31:27.146Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "29145",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29145"
},
{
"name": "vivotek-rtspvapgdecodernew-activex-bo(40867)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40867"
},
{
"name": "43007",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/43007"
},
{
"name": "29131",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29131"
},
{
"name": "29146",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29146"
},
{
"name": "4xem-vatdecoder-activex-bo(40864)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40864"
},
{
"name": "ADV-2008-0687",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0687/references"
},
{
"name": "ADV-2008-0685",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0685/references"
},
{
"name": "28010",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/28010"
},
{
"name": "dlink-vapgdecoder-activex-bo(40863)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40863"
},
{
"name": "42378",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/42378"
},
{
"name": "5193",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/5193"
},
{
"name": "ADV-2008-0686",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0686/references"
},
{
"name": "4517",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/4517"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-02-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in VATDecoder.VatCtrl.1 ActiveX control in (1) 4xem VatCtrl Class (VATDecoder.dll 1.0.0.27 and 1.0.0.51), (2) D-Link MPEG4 SHM Audio Control (VAPGDecoder.dll 1.7.0.5), (3) Vivotek RTSP MPEG4 SP Control (RtspVapgDecoderNew.dll 2.0.0.39), and possibly other products, allows remote attackers to execute arbitrary code via a long Url property. NOTE: some of these details are obtained from third party information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "29145",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29145"
},
{
"name": "vivotek-rtspvapgdecodernew-activex-bo(40867)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40867"
},
{
"name": "43007",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/43007"
},
{
"name": "29131",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29131"
},
{
"name": "29146",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29146"
},
{
"name": "4xem-vatdecoder-activex-bo(40864)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40864"
},
{
"name": "ADV-2008-0687",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0687/references"
},
{
"name": "ADV-2008-0685",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0685/references"
},
{
"name": "28010",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/28010"
},
{
"name": "dlink-vapgdecoder-activex-bo(40863)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40863"
},
{
"name": "42378",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/42378"
},
{
"name": "5193",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/5193"
},
{
"name": "ADV-2008-0686",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0686/references"
},
{
"name": "4517",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/4517"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-4771",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in VATDecoder.VatCtrl.1 ActiveX control in (1) 4xem VatCtrl Class (VATDecoder.dll 1.0.0.27 and 1.0.0.51), (2) D-Link MPEG4 SHM Audio Control (VAPGDecoder.dll 1.7.0.5), (3) Vivotek RTSP MPEG4 SP Control (RtspVapgDecoderNew.dll 2.0.0.39), and possibly other products, allows remote attackers to execute arbitrary code via a long Url property. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "29145",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29145"
},
{
"name": "vivotek-rtspvapgdecodernew-activex-bo(40867)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40867"
},
{
"name": "43007",
"refsource": "OSVDB",
"url": "http://osvdb.org/43007"
},
{
"name": "29131",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29131"
},
{
"name": "29146",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29146"
},
{
"name": "4xem-vatdecoder-activex-bo(40864)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40864"
},
{
"name": "ADV-2008-0687",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0687/references"
},
{
"name": "ADV-2008-0685",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0685/references"
},
{
"name": "28010",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28010"
},
{
"name": "dlink-vapgdecoder-activex-bo(40863)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40863"
},
{
"name": "42378",
"refsource": "OSVDB",
"url": "http://osvdb.org/42378"
},
{
"name": "5193",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5193"
},
{
"name": "ADV-2008-0686",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0686/references"
},
{
"name": "4517",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4517"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-4771",
"datePublished": "2008-10-28T18:00:00",
"dateReserved": "2008-10-28T00:00:00",
"dateUpdated": "2024-08-07T10:31:27.146Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-3167 (GCVE-0-2007-3167)
Vulnerability from cvelistv5 – Published: 2007-06-11 22:00 – Updated: 2024-08-07 14:05
VLAI?
Summary
Stack-based buffer overflow in the Vivotek Motion Jpeg ActiveX control (aka MjpegControl) in MjpegDecoder.dll 2.0.0.13 allows remote attackers to execute arbitrary code via a long PtzUrl property value.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:05:29.199Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "vivotek-jpegcontrol-bo(34615)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34615"
},
{
"name": "39230",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/39230"
},
{
"name": "4015",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/4015"
},
{
"name": "24245",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/24245"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-05-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the Vivotek Motion Jpeg ActiveX control (aka MjpegControl) in MjpegDecoder.dll 2.0.0.13 allows remote attackers to execute arbitrary code via a long PtzUrl property value."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-10T00:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "vivotek-jpegcontrol-bo(34615)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34615"
},
{
"name": "39230",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/39230"
},
{
"name": "4015",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/4015"
},
{
"name": "24245",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/24245"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-3167",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the Vivotek Motion Jpeg ActiveX control (aka MjpegControl) in MjpegDecoder.dll 2.0.0.13 allows remote attackers to execute arbitrary code via a long PtzUrl property value."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "vivotek-jpegcontrol-bo(34615)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34615"
},
{
"name": "39230",
"refsource": "OSVDB",
"url": "http://osvdb.org/39230"
},
{
"name": "4015",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/4015"
},
{
"name": "24245",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24245"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-3167",
"datePublished": "2007-06-11T22:00:00",
"dateReserved": "2007-06-11T00:00:00",
"dateUpdated": "2024-08-07T14:05:29.199Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}