Vulnerabilities > Vivotek

DATE CVE VULNERABILITY TITLE RISK
2020-05-28 CVE-2020-11950 OS Command Injection vulnerability in Vivotek products
VIVOTEK Network Cameras before XXXXX-VVTK-2.2002.xx.01x (and before XXXXX-VVTK-0XXXX_Beta2) allows an authenticated user to upload and execute a script (with resultant execution of OS commands).
network
low complexity
vivotek CWE-78
critical
9.0
2020-05-28 CVE-2020-11949 Information Exposure vulnerability in Vivotek products
testserver.cgi of the web service on VIVOTEK Network Cameras before XXXXX-VVTK-2.2002.xx.01x (and before XXXXX-VVTK-0XXXX_Beta2) allows an authenticated user to obtain arbitrary files from a camera's local filesystem.
network
low complexity
vivotek CWE-200
4.0
2020-01-24 CVE-2013-1598 OS Command Injection vulnerability in Vivotek Pt7135 Firmware 0300A/0400A
A Command Injection vulnerability exists in Vivotek PT7135 IP Cameras 0300a and 0400a via the system.ntp parameter to the farseer.out binary file, which cold let a malicious user execute arbitrary code.
network
low complexity
vivotek CWE-78
critical
9.0
2020-01-24 CVE-2013-1597 Path Traversal vulnerability in Vivotek Pt7135 Firmware 0300A/0400A
A Directory Traversal vulnerability exists in Vivotek PT7135 IP Cameras 0300a and 0400a via a specially crafted GET request, which could let a malicious user obtain user credentials.
network
low complexity
vivotek CWE-22
4.0
2020-01-24 CVE-2013-1596 Improper Authentication vulnerability in Vivotek Pt7135 Firmware 0300A/0400A
An Authentication Bypass Vulnerability exists in Vivotek PT7135 IP Camera 0300a and 0400a via specially crafted RTSP packets to TCP port 554.
network
low complexity
vivotek CWE-287
5.0
2020-01-24 CVE-2013-1595 Classic Buffer Overflow vulnerability in Vivotek Pt7135 Firmware 0300A/0400A
A Buffer Overflow vulnerability exists in Vivotek PT7135 IP Camera 0300a and 0400a via a specially crafted packet in the Authorization header field sent to the RTSP service, which could let a remote malicious user execute arbitrary code or cause a Denial of Service.
network
low complexity
vivotek CWE-120
7.5
2020-01-24 CVE-2013-1594 Information Exposure vulnerability in Vivotek Pt7135 Firmware 0300A/0400A
An Information Disclosure vulnerability exists via a GET request in Vivotek PT7135 IP Camera 0300a and 0400a due to wireless keys and 3rd party credentials stored in clear text.
network
low complexity
vivotek CWE-200
5.0
2019-12-27 CVE-2013-4985 Incorrect Authorization vulnerability in Vivotek Ip7160 Firmware, Ip7361 Firmware and Ip8332 Firmware
Multiple Vivotek IP Cameras remote authentication bypass that could allow access to the video stream
network
low complexity
vivotek CWE-863
5.0
2019-09-18 CVE-2019-14458 Unspecified vulnerability in Vivotek Camera
VIVOTEK IP Camera devices with firmware before 0x20x allow a denial of service via a crafted HTTP header.
network
low complexity
vivotek
7.8
2019-09-10 CVE-2019-10256 Unspecified vulnerability in Vivotek Camera
An authentication bypass vulnerability in VIVOTEK IPCam versions prior to 0x13a was found.
network
low complexity
vivotek
7.5