Vulnerabilities > Vivotek > Medium

DATE CVE VULNERABILITY TITLE RISK
2020-05-28 CVE-2020-11949 Information Exposure vulnerability in Vivotek products
testserver.cgi of the web service on VIVOTEK Network Cameras before XXXXX-VVTK-2.2002.xx.01x (and before XXXXX-VVTK-0XXXX_Beta2) allows an authenticated user to obtain arbitrary files from a camera's local filesystem.
network
low complexity
vivotek CWE-200
4.0
2020-01-24 CVE-2013-1597 Path Traversal vulnerability in Vivotek Pt7135 Firmware 0300A/0400A
A Directory Traversal vulnerability exists in Vivotek PT7135 IP Cameras 0300a and 0400a via a specially crafted GET request, which could let a malicious user obtain user credentials.
network
low complexity
vivotek CWE-22
4.0
2020-01-24 CVE-2013-1596 Improper Authentication vulnerability in Vivotek Pt7135 Firmware 0300A/0400A
An Authentication Bypass Vulnerability exists in Vivotek PT7135 IP Camera 0300a and 0400a via specially crafted RTSP packets to TCP port 554.
network
low complexity
vivotek CWE-287
5.0
2020-01-24 CVE-2013-1594 Information Exposure vulnerability in Vivotek Pt7135 Firmware 0300A/0400A
An Information Disclosure vulnerability exists via a GET request in Vivotek PT7135 IP Camera 0300a and 0400a due to wireless keys and 3rd party credentials stored in clear text.
network
low complexity
vivotek CWE-200
5.0
2019-12-27 CVE-2013-4985 Incorrect Authorization vulnerability in Vivotek Ip7160 Firmware, Ip7361 Firmware and Ip8332 Firmware
Multiple Vivotek IP Cameras remote authentication bypass that could allow access to the video stream
network
low complexity
vivotek CWE-863
5.0
2019-01-03 CVE-2018-18244 Cross-site Scripting vulnerability in Vivotek Camera
Cross-site scripting in syslog.html in VIVOTEK Network Camera Series products with firmware 0x06x to 0x08x allows remote attackers to execute arbitrary JavaScript code via an HTTP Referer Header.
network
vivotek CWE-79
4.3
2019-01-03 CVE-2018-18005 Cross-site Scripting vulnerability in Vivotek Camera
Cross-site scripting in event_script.js in VIVOTEK Network Camera Series products with firmware 0x06x to 0x08x allows remote attackers to execute arbitrary JavaScript via a URL query string parameter.
network
vivotek CWE-79
4.3
2019-01-03 CVE-2018-18004 Missing Authorization vulnerability in Vivotek Camera
Incorrect Access Control in mod_inetd.cgi in VIVOTEK Network Camera Series products with firmware before XXXXXX-VVTK-0X09a allows remote attackers to enable arbitrary system services via a URL parameter.
network
low complexity
vivotek CWE-862
5.0
2018-09-05 CVE-2018-14769 Cross-Site Request Forgery (CSRF) vulnerability in Vivotek Camera
VIVOTEK FD8177 devices before XXXXXX-VVTK-xx06a allow CSRF.
network
vivotek CWE-352
6.8
2017-06-23 CVE-2017-9829 Path Traversal vulnerability in Vivotek products
'/cgi-bin/admin/downloadMedias.cgi' of the web service in most of the VIVOTEK Network Cameras is vulnerable, which allows remote attackers to read any file on the camera's Linux filesystem via a crafted HTTP request containing ".." sequences.
network
low complexity
vivotek CWE-22
5.0