Vulnerabilities > Vivotek > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-05-28 | CVE-2020-11949 | Information Exposure vulnerability in Vivotek products testserver.cgi of the web service on VIVOTEK Network Cameras before XXXXX-VVTK-2.2002.xx.01x (and before XXXXX-VVTK-0XXXX_Beta2) allows an authenticated user to obtain arbitrary files from a camera's local filesystem. | 4.0 |
| 2020-01-24 | CVE-2013-1597 | Path Traversal vulnerability in Vivotek Pt7135 Firmware 0300A/0400A A Directory Traversal vulnerability exists in Vivotek PT7135 IP Cameras 0300a and 0400a via a specially crafted GET request, which could let a malicious user obtain user credentials. | 4.0 |
| 2020-01-24 | CVE-2013-1596 | Improper Authentication vulnerability in Vivotek Pt7135 Firmware 0300A/0400A An Authentication Bypass Vulnerability exists in Vivotek PT7135 IP Camera 0300a and 0400a via specially crafted RTSP packets to TCP port 554. | 5.0 |
| 2020-01-24 | CVE-2013-1594 | Information Exposure vulnerability in Vivotek Pt7135 Firmware 0300A/0400A An Information Disclosure vulnerability exists via a GET request in Vivotek PT7135 IP Camera 0300a and 0400a due to wireless keys and 3rd party credentials stored in clear text. | 5.0 |
| 2019-12-27 | CVE-2013-4985 | Incorrect Authorization vulnerability in Vivotek Ip7160 Firmware, Ip7361 Firmware and Ip8332 Firmware Multiple Vivotek IP Cameras remote authentication bypass that could allow access to the video stream | 5.0 |
| 2019-01-03 | CVE-2018-18244 | Cross-site Scripting vulnerability in Vivotek Camera Cross-site scripting in syslog.html in VIVOTEK Network Camera Series products with firmware 0x06x to 0x08x allows remote attackers to execute arbitrary JavaScript code via an HTTP Referer Header. | 4.3 |
| 2019-01-03 | CVE-2018-18005 | Cross-site Scripting vulnerability in Vivotek Camera Cross-site scripting in event_script.js in VIVOTEK Network Camera Series products with firmware 0x06x to 0x08x allows remote attackers to execute arbitrary JavaScript via a URL query string parameter. | 4.3 |
| 2019-01-03 | CVE-2018-18004 | Missing Authorization vulnerability in Vivotek Camera Incorrect Access Control in mod_inetd.cgi in VIVOTEK Network Camera Series products with firmware before XXXXXX-VVTK-0X09a allows remote attackers to enable arbitrary system services via a URL parameter. | 5.0 |
| 2018-09-05 | CVE-2018-14769 | Cross-Site Request Forgery (CSRF) vulnerability in Vivotek Camera VIVOTEK FD8177 devices before XXXXXX-VVTK-xx06a allow CSRF. | 6.8 |
| 2017-06-23 | CVE-2017-9829 | Path Traversal vulnerability in Vivotek products '/cgi-bin/admin/downloadMedias.cgi' of the web service in most of the VIVOTEK Network Cameras is vulnerable, which allows remote attackers to read any file on the camera's Linux filesystem via a crafted HTTP request containing ".." sequences. | 5.0 |