Vulnerabilities > Vivotek > Critical

DATE CVE VULNERABILITY TITLE RISK
2018-09-05 CVE-2018-14771 Unspecified vulnerability in Vivotek Camera
VIVOTEK FD8177 devices before XXXXXX-VVTK-xx06a allow remote attackers to execute arbitrary code (issue 2 of 2) via eventscript.cgi.
network
low complexity
vivotek
critical
9.0
2018-09-05 CVE-2018-14770 Unspecified vulnerability in Vivotek Camera
VIVOTEK FD8177 devices before XXXXXX-VVTK-xx06a allow remote attackers to execute arbitrary code (issue 1 of 2) via the ONVIF interface, (/onvif/device_service).
network
low complexity
vivotek
critical
9.0
2018-08-29 CVE-2018-14768 Unspecified vulnerability in Vivotek Camera
Various VIVOTEK FD8*, FD9*, FE9*, IB8*, IB9*, IP9*, IZ9*, MS9*, SD9*, and other devices before XXXXXX-VVTK-xx06a allow remote attackers to execute arbitrary code.
network
low complexity
vivotek
critical
9.0
2017-06-23 CVE-2017-9828 OS Command Injection vulnerability in Vivotek products
'/cgi-bin/admin/testserver.cgi' of the web service in most of the VIVOTEK Network Cameras is vulnerable to shell command injection, which allows remote attackers to execute any shell command as root via a crafted HTTP request.
network
low complexity
vivotek CWE-78
critical
10.0
2008-10-28 CVE-2008-4771 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products
Stack-based buffer overflow in VATDecoder.VatCtrl.1 ActiveX control in (1) 4xem VatCtrl Class (VATDecoder.dll 1.0.0.27 and 1.0.0.51), (2) D-Link MPEG4 SHM Audio Control (VAPGDecoder.dll 1.7.0.5), (3) Vivotek RTSP MPEG4 SP Control (RtspVapgDecoderNew.dll 2.0.0.39), and possibly other products, allows remote attackers to execute arbitrary code via a long Url property.
network
4xem d-link vivotek CWE-119
critical
9.3