Vulnerabilities > Vivotek
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-09-10 | CVE-2019-14457 | Classic Buffer Overflow vulnerability in Vivotek Camera VIVOTEK IP Camera devices with firmware before 0x20x have a stack-based buffer overflow via a crafted HTTP header. | 7.5 |
| 2019-07-10 | CVE-2018-14496 | Out-of-bounds Write vulnerability in Vivotek Fd8136 Firmware 0301A Vivotek FD8136 devices allow remote memory corruption and remote code execution because of a stack-based buffer overflow, related to sprintf, vlocal_buff_4326, and set_getparam.cgi. | 9.8 |
| 2019-07-10 | CVE-2018-14495 | OS Command Injection vulnerability in Vivotek Fd8136 Firmware 0301A Vivotek FD8136 devices allow Remote Command Injection, aka "another command injection vulnerability in our target device," a different issue than CVE-2018-14494. | 9.8 |
| 2019-07-10 | CVE-2018-14494 | OS Command Injection vulnerability in Vivotek Fd8136 Firmware 0301A Vivotek FD8136 devices allow Remote Command Injection, related to BusyBox and wget. | 9.8 |
| 2019-01-03 | CVE-2018-18244 | Cross-site Scripting vulnerability in Vivotek Camera Cross-site scripting in syslog.html in VIVOTEK Network Camera Series products with firmware 0x06x to 0x08x allows remote attackers to execute arbitrary JavaScript code via an HTTP Referer Header. | 4.3 |
| 2019-01-03 | CVE-2018-18005 | Cross-site Scripting vulnerability in Vivotek Camera Cross-site scripting in event_script.js in VIVOTEK Network Camera Series products with firmware 0x06x to 0x08x allows remote attackers to execute arbitrary JavaScript via a URL query string parameter. | 4.3 |
| 2019-01-03 | CVE-2018-18004 | Missing Authorization vulnerability in Vivotek Camera Incorrect Access Control in mod_inetd.cgi in VIVOTEK Network Camera Series products with firmware before XXXXXX-VVTK-0X09a allows remote attackers to enable arbitrary system services via a URL parameter. | 5.0 |
| 2018-09-05 | CVE-2018-14771 | Unspecified vulnerability in Vivotek Camera VIVOTEK FD8177 devices before XXXXXX-VVTK-xx06a allow remote attackers to execute arbitrary code (issue 2 of 2) via eventscript.cgi. | 9.0 |
| 2018-09-05 | CVE-2018-14770 | Unspecified vulnerability in Vivotek Camera VIVOTEK FD8177 devices before XXXXXX-VVTK-xx06a allow remote attackers to execute arbitrary code (issue 1 of 2) via the ONVIF interface, (/onvif/device_service). | 9.0 |
| 2018-09-05 | CVE-2018-14769 | Cross-Site Request Forgery (CSRF) vulnerability in Vivotek Camera VIVOTEK FD8177 devices before XXXXXX-VVTK-xx06a allow CSRF. | 6.8 |