Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2020-05-28	CVE-2020-11949	Unspecified vulnerability in Vivotek products testserver.cgi of the web service on VIVOTEK Network Cameras before XXXXX-VVTK-2.2002.xx.01x (and before XXXXX-VVTK-0XXXX_Beta2) allows an authenticated user to obtain arbitrary files from a camera's local filesystem. network low complexity vivotek	6.5
2020-01-24	CVE-2013-1597	Path Traversal vulnerability in Vivotek Pt7135 Firmware 0300A/0400A A Directory Traversal vulnerability exists in Vivotek PT7135 IP Cameras 0300a and 0400a via a specially crafted GET request, which could let a malicious user obtain user credentials. network low complexity vivotek CWE-22	6.5
2020-01-24	CVE-2013-1596	Improper Authentication vulnerability in Vivotek Pt7135 Firmware 0300A/0400A An Authentication Bypass Vulnerability exists in Vivotek PT7135 IP Camera 0300a and 0400a via specially crafted RTSP packets to TCP port 554. network low complexity vivotek CWE-287	5.3
2019-01-03	CVE-2018-18244	Cross-site Scripting vulnerability in Vivotek Camera Cross-site scripting in syslog.html in VIVOTEK Network Camera Series products with firmware 0x06x to 0x08x allows remote attackers to execute arbitrary JavaScript code via an HTTP Referer Header. network low complexity vivotek CWE-79	6.1
2019-01-03	CVE-2018-18005	Cross-site Scripting vulnerability in Vivotek Camera Cross-site scripting in event_script.js in VIVOTEK Network Camera Series products with firmware 0x06x to 0x08x allows remote attackers to execute arbitrary JavaScript via a URL query string parameter. network low complexity vivotek CWE-79	6.1
2019-01-03	CVE-2018-18004	Missing Authorization vulnerability in Vivotek Camera Incorrect Access Control in mod_inetd.cgi in VIVOTEK Network Camera Series products with firmware before XXXXXX-VVTK-0X09a allows remote attackers to enable arbitrary system services via a URL parameter. network low complexity vivotek CWE-862	5.3