High severity7.5NVD Advisory· Published Jun 23, 2017· Updated May 13, 2026

CVE-2017-9829

Description

'/cgi-bin/admin/downloadMedias.cgi' of the web service in most of the VIVOTEK Network Cameras is vulnerable, which allows remote attackers to read any file on the camera's Linux filesystem via a crafted HTTP request containing ".." sequences. This vulnerability is already verified on VIVOTEK Network Camera IB8369/FD8164/FD816BA; most others have similar firmware that may be affected.

Affected products

Vivotek/Network Camera Fd8164 Firmware
cpe:2.3:o:vivotek:network_camera_fd8164_firmware:fd8164-_vvtk-0200b:*:*:*:*:*:*:*
Vivotek/Network Camera Fd816ba Firmware
cpe:2.3:o:vivotek:network_camera_fd816ba_firmware:fd816ba-vvtk-010101.:*:*:*:*:*:*:*
Vivotek/Network Camera Ib8369 Firmware
cpe:2.3:o:vivotek:network_camera_ib8369_firmware:ib8369-vvtk-0102a:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

blog.cal1.cn/post/An%20easy%20way%20to%20pwn%20most%20of%20the%20vivotek%20network%20camerasnvdThird Party Advisory

News mentions

No linked articles in our index yet.

cvss	0.488
epss	0.005
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000