VYPR

Network Cameras

by Vivotek

CVEs (6)

  • CVE-2017-9828CriJun 23, 2017
    risk 0.70cvss 9.8epss 0.82

    '/cgi-bin/admin/testserver.cgi' of the web service in most of the VIVOTEK Network Cameras is vulnerable to shell command injection, which allows remote attackers to execute any shell command as root via a crafted HTTP request. This vulnerability is already verified on VIVOTEK…

  • CVE-2017-9829HigJun 23, 2017
    risk 0.54cvss 7.5epss 0.69

    '/cgi-bin/admin/downloadMedias.cgi' of the web service in most of the VIVOTEK Network Cameras is vulnerable, which allows remote attackers to read any file on the camera's Linux filesystem via a crafted HTTP request containing ".." sequences. This vulnerability is already…

  • CVE-2020-11950May 28, 2020
    risk 0.00cvss epss 0.03

    VIVOTEK Network Cameras before XXXXX-VVTK-2.2002.xx.01x (and before XXXXX-VVTK-0XXXX_Beta2) allows an authenticated user to upload and execute a script (with resultant execution of OS commands). For example, this affects IT9388-HT devices.

  • CVE-2018-18005Jan 3, 2019
    risk 0.00cvss epss 0.01

    Cross-site scripting in event_script.js in VIVOTEK Network Camera Series products with firmware 0x06x to 0x08x allows remote attackers to execute arbitrary JavaScript via a URL query string parameter.

  • CVE-2018-18244Jan 3, 2019
    risk 0.00cvss epss 0.01

    Cross-site scripting in syslog.html in VIVOTEK Network Camera Series products with firmware 0x06x to 0x08x allows remote attackers to execute arbitrary JavaScript code via an HTTP Referer Header.

  • CVE-2018-18004Jan 3, 2019
    risk 0.00cvss epss 0.01

    Incorrect Access Control in mod_inetd.cgi in VIVOTEK Network Camera Series products with firmware before XXXXXX-VVTK-0X09a allows remote attackers to enable arbitrary system services via a URL parameter.