VYPR
Vendor

Vivotek

Products
26
CVEs
42
Across products
55
Status
Private

Products

26

Recent CVEs

42
View all 42 CVEs →
  • CVE-2017-9828CriJun 23, 2017
    risk 0.70cvss 9.8epss 0.82

    '/cgi-bin/admin/testserver.cgi' of the web service in most of the VIVOTEK Network Cameras is vulnerable to shell command injection, which allows remote attackers to execute any shell command as root via a crafted HTTP request. This vulnerability is already verified on VIVOTEK…

  • CVE-2026-22755CriJan 13, 2026
    risk 0.61cvss epss 0.21

    Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Vivotek Affected device model numbers are FD8365, FD8365v2, FD9165, FD9171, FD9187, FD9189, FD9365, FD9371, FD9381, FD9387, FD9389, FD9391,FE9180,FE9181, FE9191, FE9381, FE9382,…

  • CVE-2026-30652HigJun 2, 2026
    risk 0.57cvss 8.8epss 0.01

    A remote buffer overflow vulnerability exists in the /cgi-bin/dido/setdo.cgi endpoint of the admin interface of Vivotek FD8136 cameras running firmware version FD8136-VVTK-0300a. This flaw allows an authenticated attacker to execute arbitrary code as root on the device.

  • CVE-2026-30650HigJun 2, 2026
    risk 0.57cvss 8.8epss 0.01

    A post-authentication remote buffer overflow vulnerability exists in the /cgi-bin/admin/eventtask.cgi endpoint of the admin interface of Vivotek FD8136 cameras running firmware version FD8136-VVTK-0300a. This flaw allows an authenticated attacker to execute arbitrary code as…

  • CVE-2018-14771HigSep 5, 2018
    risk 0.57cvss 8.8epss 0.03

    VIVOTEK FD8177 devices before XXXXXX-VVTK-xx06a allow remote attackers to execute arbitrary code (issue 2 of 2) via eventscript.cgi.

  • CVE-2018-14770HigSep 5, 2018
    risk 0.57cvss 8.8epss 0.03

    VIVOTEK FD8177 devices before XXXXXX-VVTK-xx06a allow remote attackers to execute arbitrary code (issue 1 of 2) via the ONVIF interface, (/onvif/device_service).

  • CVE-2018-14769HigSep 5, 2018
    risk 0.57cvss 8.8epss 0.00

    VIVOTEK FD8177 devices before XXXXXX-VVTK-xx06a allow CSRF.

  • CVE-2018-14768HigAug 29, 2018
    risk 0.57cvss 8.8epss 0.03

    Various VIVOTEK FD8*, FD9*, FE9*, IB8*, IB9*, IP9*, IZ9*, MS9*, SD9*, and other devices before XXXXXX-VVTK-xx06a allow remote attackers to execute arbitrary code.

  • CVE-2017-9829HigJun 23, 2017
    risk 0.54cvss 7.5epss 0.69

    '/cgi-bin/admin/downloadMedias.cgi' of the web service in most of the VIVOTEK Network Cameras is vulnerable, which allows remote attackers to read any file on the camera's Linux filesystem via a crafted HTTP request containing ".." sequences. This vulnerability is already…

  • CVE-2026-30649HigJun 2, 2026
    risk 0.47cvss 7.3epss 0.00

    Buffer Overflow vulnerability in VIVOTEK INC FD8136-VVTK-0300a allows a remote attacker to execute arbitrary code via the set_getparam.cgi component

  • CVE-2026-35718MedJun 2, 2026
    risk 0.42cvss 6.5epss 0.01

    A path traversal vulnerability in the /admin/downloadMedias.cgi endpoint of VIVOTEK INC FD8136-VVTK firmware 0300a allows authenticated attackers to read any file on the device via sending a crafted request.

  • CVE-2026-35716MedJun 2, 2026
    risk 0.41cvss 6.3epss 0.00

    A stack-based buffer overflow in the motion_privacy.cgi binary in VIVOTEK FD8136 firmware FD8136-VVTK-0300a allows authenticated remote attackers to execute arbitrary code as root via an oversized n1 parameter in a POST request to the /cgi-bin/admin/setpm.cgi,…

  • CVE-2026-35717MedJun 2, 2026
    risk 0.41cvss 6.3epss 0.00

    A stack-based buffer overflow in the export_language.cgi binary in VIVOTEK FD8136 firmware FD8136-VVTK-0300a allows authenticated remote attackers to execute arbitrary code as root via a crafted POST request to the /cgi-bin/admin/export_language.cgi endpoint. The handler passes…

  • CVE-2025-3403LowApr 8, 2025
    risk 0.18cvss 2.7epss 0.00

    A vulnerability was found in Vivotek NVR ND8422P, NVR ND9525P and NVR ND9541P 2.4.0.204/3.3.0.104/4.2.0.101. It has been classified as problematic. Affected is an unknown function of the component HTML Form Handler. The manipulation leads to inclusion of sensitive information in…

  • CVE-2013-1598Jan 24, 2020
    risk 0.05cvss epss 0.20

    A Command Injection vulnerability exists in Vivotek PT7135 IP Cameras 0300a and 0400a via the system.ntp parameter to the farseer.out binary file, which cold let a malicious user execute arbitrary code.

  • CVE-2013-1596Jan 24, 2020
    risk 0.05cvss epss 0.10

    An Authentication Bypass Vulnerability exists in Vivotek PT7135 IP Camera 0300a and 0400a via specially crafted RTSP packets to TCP port 554.

  • CVE-2013-1594Jan 24, 2020
    risk 0.05cvss epss 0.07

    An Information Disclosure vulnerability exists via a GET request in Vivotek PT7135 IP Camera 0300a and 0400a due to wireless keys and 3rd party credentials stored in clear text.

  • CVE-2013-1597Jan 24, 2020
    risk 0.04cvss epss 0.14

    A Directory Traversal vulnerability exists in Vivotek PT7135 IP Cameras 0300a and 0400a via a specially crafted GET request, which could let a malicious user obtain user credentials.

  • CVE-2013-1595Jan 24, 2020
    risk 0.04cvss epss 0.42

    A Buffer Overflow vulnerability exists in Vivotek PT7135 IP Camera 0300a and 0400a via a specially crafted packet in the Authorization header field sent to the RTSP service, which could let a remote malicious user execute arbitrary code or cause a Denial of Service.

  • CVE-2008-4771Oct 28, 2008
    risk 0.04cvss epss 0.07

    Stack-based buffer overflow in VATDecoder.VatCtrl.1 ActiveX control in (1) 4xem VatCtrl Class (VATDecoder.dll 1.0.0.27 and 1.0.0.51), (2) D-Link MPEG4 SHM Audio Control (VAPGDecoder.dll 1.7.0.5), (3) Vivotek RTSP MPEG4 SP Control (RtspVapgDecoderNew.dll 2.0.0.39), and possibly…