Critical severity9.8NVD Advisory· Published Jun 23, 2017· Updated May 13, 2026

CVE-2017-9828

Description

'/cgi-bin/admin/testserver.cgi' of the web service in most of the VIVOTEK Network Cameras is vulnerable to shell command injection, which allows remote attackers to execute any shell command as root via a crafted HTTP request. This vulnerability is already verified on VIVOTEK Network Camera IB8369/FD8164/FD816BA; most others have similar firmware that may be affected. An attack uses shell metacharacters in the senderemail parameter.

Affected products

Vivotek/Network Camera Ib8369 Firmware
cpe:2.3:o:vivotek:network_camera_ib8369_firmware:ib8369-vvtk-0102a:*:*:*:*:*:*:*
Vivotek/Network Camera Fd8164 Firmware
cpe:2.3:o:vivotek:network_camera_fd8164_firmware:fd8164-_vvtk-0200b:*:*:*:*:*:*:*
Vivotek/Network Camera Fd816ba Firmware
cpe:2.3:o:vivotek:network_camera_fd816ba_firmware:fd816ba-vvtk-010101.:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

blog.cal1.cn/post/An%20easy%20way%20to%20pwn%20most%20of%20the%20vivotek%20network%20camerasnvdThird Party Advisory

News mentions

No linked articles in our index yet.

cvss	0.637
epss	0.047
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000