Vulnerabilities > Vivotek > Medium

DATE CVE VULNERABILITY TITLE RISK
2020-05-28 CVE-2020-11949 Unspecified vulnerability in Vivotek products
testserver.cgi of the web service on VIVOTEK Network Cameras before XXXXX-VVTK-2.2002.xx.01x (and before XXXXX-VVTK-0XXXX_Beta2) allows an authenticated user to obtain arbitrary files from a camera's local filesystem.
network
low complexity
vivotek
6.5
2020-01-24 CVE-2013-1597 Path Traversal vulnerability in Vivotek Pt7135 Firmware 0300A/0400A
A Directory Traversal vulnerability exists in Vivotek PT7135 IP Cameras 0300a and 0400a via a specially crafted GET request, which could let a malicious user obtain user credentials.
network
low complexity
vivotek CWE-22
6.5
2020-01-24 CVE-2013-1596 Improper Authentication vulnerability in Vivotek Pt7135 Firmware 0300A/0400A
An Authentication Bypass Vulnerability exists in Vivotek PT7135 IP Camera 0300a and 0400a via specially crafted RTSP packets to TCP port 554.
network
low complexity
vivotek CWE-287
5.3
2019-01-03 CVE-2018-18244 Cross-site Scripting vulnerability in Vivotek Camera
Cross-site scripting in syslog.html in VIVOTEK Network Camera Series products with firmware 0x06x to 0x08x allows remote attackers to execute arbitrary JavaScript code via an HTTP Referer Header.
network
low complexity
vivotek CWE-79
6.1
2019-01-03 CVE-2018-18005 Cross-site Scripting vulnerability in Vivotek Camera
Cross-site scripting in event_script.js in VIVOTEK Network Camera Series products with firmware 0x06x to 0x08x allows remote attackers to execute arbitrary JavaScript via a URL query string parameter.
network
low complexity
vivotek CWE-79
6.1
2019-01-03 CVE-2018-18004 Missing Authorization vulnerability in Vivotek Camera
Incorrect Access Control in mod_inetd.cgi in VIVOTEK Network Camera Series products with firmware before XXXXXX-VVTK-0X09a allows remote attackers to enable arbitrary system services via a URL parameter.
network
low complexity
vivotek CWE-862
5.3