Vulnerabilities > Vivotek > High

DATE CVE VULNERABILITY TITLE RISK
2020-05-28 CVE-2020-11950 OS Command Injection vulnerability in Vivotek products
VIVOTEK Network Cameras before XXXXX-VVTK-2.2002.xx.01x (and before XXXXX-VVTK-0XXXX_Beta2) allows an authenticated user to upload and execute a script (with resultant execution of OS commands).
network
low complexity
vivotek CWE-78
8.8
2020-01-24 CVE-2013-1598 OS Command Injection vulnerability in Vivotek Pt7135 Firmware 0300A/0400A
A Command Injection vulnerability exists in Vivotek PT7135 IP Cameras 0300a and 0400a via the system.ntp parameter to the farseer.out binary file, which cold let a malicious user execute arbitrary code.
network
low complexity
vivotek CWE-78
8.8
2020-01-24 CVE-2013-1594 Information Exposure vulnerability in Vivotek Pt7135 Firmware 0300A/0400A
An Information Disclosure vulnerability exists via a GET request in Vivotek PT7135 IP Camera 0300a and 0400a due to wireless keys and 3rd party credentials stored in clear text.
network
low complexity
vivotek CWE-200
7.5
2019-12-27 CVE-2013-4985 Incorrect Authorization vulnerability in Vivotek Ip7160 Firmware, Ip7361 Firmware and Ip8332 Firmware
Multiple Vivotek IP Cameras remote authentication bypass that could allow access to the video stream
network
low complexity
vivotek CWE-863
7.5
2019-09-18 CVE-2019-14458 Unspecified vulnerability in Vivotek Camera
VIVOTEK IP Camera devices with firmware before 0x20x allow a denial of service via a crafted HTTP header.
network
low complexity
vivotek
7.5
2018-09-05 CVE-2018-14771 Unspecified vulnerability in Vivotek Camera
VIVOTEK FD8177 devices before XXXXXX-VVTK-xx06a allow remote attackers to execute arbitrary code (issue 2 of 2) via eventscript.cgi.
network
low complexity
vivotek
8.8
2018-09-05 CVE-2018-14770 Unspecified vulnerability in Vivotek Camera
VIVOTEK FD8177 devices before XXXXXX-VVTK-xx06a allow remote attackers to execute arbitrary code (issue 1 of 2) via the ONVIF interface, (/onvif/device_service).
network
low complexity
vivotek
8.8
2018-09-05 CVE-2018-14769 Cross-Site Request Forgery (CSRF) vulnerability in Vivotek Camera
VIVOTEK FD8177 devices before XXXXXX-VVTK-xx06a allow CSRF.
network
low complexity
vivotek CWE-352
8.8
2018-08-29 CVE-2018-14768 Unspecified vulnerability in Vivotek Camera
Various VIVOTEK FD8*, FD9*, FE9*, IB8*, IB9*, IP9*, IZ9*, MS9*, SD9*, and other devices before XXXXXX-VVTK-xx06a allow remote attackers to execute arbitrary code.
network
low complexity
vivotek
8.8
2017-06-23 CVE-2017-9829 Path Traversal vulnerability in Vivotek products
'/cgi-bin/admin/downloadMedias.cgi' of the web service in most of the VIVOTEK Network Cameras is vulnerable, which allows remote attackers to read any file on the camera's Linux filesystem via a crafted HTTP request containing ".." sequences.
network
low complexity
vivotek CWE-22
7.5