Vulnerabilities > Vivotek > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-05-28 | CVE-2020-11950 | OS Command Injection vulnerability in Vivotek products VIVOTEK Network Cameras before XXXXX-VVTK-2.2002.xx.01x (and before XXXXX-VVTK-0XXXX_Beta2) allows an authenticated user to upload and execute a script (with resultant execution of OS commands). | 8.8 |
| 2020-01-24 | CVE-2013-1598 | OS Command Injection vulnerability in Vivotek Pt7135 Firmware 0300A/0400A A Command Injection vulnerability exists in Vivotek PT7135 IP Cameras 0300a and 0400a via the system.ntp parameter to the farseer.out binary file, which cold let a malicious user execute arbitrary code. | 8.8 |
| 2020-01-24 | CVE-2013-1594 | Information Exposure vulnerability in Vivotek Pt7135 Firmware 0300A/0400A An Information Disclosure vulnerability exists via a GET request in Vivotek PT7135 IP Camera 0300a and 0400a due to wireless keys and 3rd party credentials stored in clear text. | 7.5 |
| 2019-12-27 | CVE-2013-4985 | Incorrect Authorization vulnerability in Vivotek Ip7160 Firmware, Ip7361 Firmware and Ip8332 Firmware Multiple Vivotek IP Cameras remote authentication bypass that could allow access to the video stream | 7.5 |
| 2019-09-18 | CVE-2019-14458 | Unspecified vulnerability in Vivotek Camera VIVOTEK IP Camera devices with firmware before 0x20x allow a denial of service via a crafted HTTP header. | 7.5 |
| 2018-09-05 | CVE-2018-14771 | Unspecified vulnerability in Vivotek Camera VIVOTEK FD8177 devices before XXXXXX-VVTK-xx06a allow remote attackers to execute arbitrary code (issue 2 of 2) via eventscript.cgi. | 8.8 |
| 2018-09-05 | CVE-2018-14770 | Unspecified vulnerability in Vivotek Camera VIVOTEK FD8177 devices before XXXXXX-VVTK-xx06a allow remote attackers to execute arbitrary code (issue 1 of 2) via the ONVIF interface, (/onvif/device_service). | 8.8 |
| 2018-09-05 | CVE-2018-14769 | Cross-Site Request Forgery (CSRF) vulnerability in Vivotek Camera VIVOTEK FD8177 devices before XXXXXX-VVTK-xx06a allow CSRF. | 8.8 |
| 2018-08-29 | CVE-2018-14768 | Unspecified vulnerability in Vivotek Camera Various VIVOTEK FD8*, FD9*, FE9*, IB8*, IB9*, IP9*, IZ9*, MS9*, SD9*, and other devices before XXXXXX-VVTK-xx06a allow remote attackers to execute arbitrary code. | 8.8 |
| 2017-06-23 | CVE-2017-9829 | Path Traversal vulnerability in Vivotek products '/cgi-bin/admin/downloadMedias.cgi' of the web service in most of the VIVOTEK Network Cameras is vulnerable, which allows remote attackers to read any file on the camera's Linux filesystem via a crafted HTTP request containing ".." sequences. | 7.5 |