Vulnerabilities > Vivotek

DATE CVE VULNERABILITY TITLE RISK
2019-01-03 CVE-2018-18005 Cross-site Scripting vulnerability in Vivotek Camera
Cross-site scripting in event_script.js in VIVOTEK Network Camera Series products with firmware 0x06x to 0x08x allows remote attackers to execute arbitrary JavaScript via a URL query string parameter.
network
low complexity
vivotek CWE-79
6.1
6.1
2019-01-03 CVE-2018-18004 Missing Authorization vulnerability in Vivotek Camera
Incorrect Access Control in mod_inetd.cgi in VIVOTEK Network Camera Series products with firmware before XXXXXX-VVTK-0X09a allows remote attackers to enable arbitrary system services via a URL parameter.
network
low complexity
vivotek CWE-862
5.3
5.3
2018-09-05 CVE-2018-14771 Unspecified vulnerability in Vivotek Camera
VIVOTEK FD8177 devices before XXXXXX-VVTK-xx06a allow remote attackers to execute arbitrary code (issue 2 of 2) via eventscript.cgi.
network
low complexity
vivotek
8.8
8.8
2018-09-05 CVE-2018-14770 Unspecified vulnerability in Vivotek Camera
VIVOTEK FD8177 devices before XXXXXX-VVTK-xx06a allow remote attackers to execute arbitrary code (issue 1 of 2) via the ONVIF interface, (/onvif/device_service).
network
low complexity
vivotek
8.8
8.8
2018-09-05 CVE-2018-14769 Cross-Site Request Forgery (CSRF) vulnerability in Vivotek Camera
VIVOTEK FD8177 devices before XXXXXX-VVTK-xx06a allow CSRF.
network
low complexity
vivotek CWE-352
8.8
8.8
2018-08-29 CVE-2018-14768 Unspecified vulnerability in Vivotek Camera
Various VIVOTEK FD8*, FD9*, FE9*, IB8*, IB9*, IP9*, IZ9*, MS9*, SD9*, and other devices before XXXXXX-VVTK-xx06a allow remote attackers to execute arbitrary code.
network
low complexity
vivotek
8.8
8.8
2017-06-23 CVE-2017-9829 Path Traversal vulnerability in Vivotek products
'/cgi-bin/admin/downloadMedias.cgi' of the web service in most of the VIVOTEK Network Cameras is vulnerable, which allows remote attackers to read any file on the camera's Linux filesystem via a crafted HTTP request containing ".." sequences.
network
low complexity
vivotek CWE-22
7.5
7.5
2017-06-23 CVE-2017-9828 OS Command Injection vulnerability in Vivotek products
'/cgi-bin/admin/testserver.cgi' of the web service in most of the VIVOTEK Network Cameras is vulnerable to shell command injection, which allows remote attackers to execute any shell command as root via a crafted HTTP request.
network
low complexity
vivotek CWE-78
critical
 9.8
9.8