Known Vulnerabilities for products from Vivotek
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Vivotek".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Additional devices specifications by Vivotek can be found at device.report : Vivotek
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2020-11950 | VIVOTEK Network Cameras before XXXXX-VVTK-2.2002.xx.01x (and before XXXXX-VVTK-0XXXX_Beta2) allows an authenticated user to u... | 8.8 - HIGH | 2020-05-28 | 2020-06-02 |
| CVE-2020-11949 | testserver.cgi of the web service on VIVOTEK Network Cameras before XXXXX-VVTK-2.2002.xx.01x (and before XXXXX-VVTK-0XXXX_Bet... | 6.5 - MEDIUM | 2020-05-28 | 2021-07-21 |
| CVE-2019-14458 | VIVOTEK IP Camera devices with firmware before 0x20x allow a denial of service via a crafted HTTP header. | 7.5 - HIGH | 2019-09-18 | 2020-08-24 |
| CVE-2019-14457 | VIVOTEK IP Camera devices with firmware before 0x20x have a stack-based buffer overflow via a crafted HTTP header. | 9.8 - CRITICAL | 2019-09-10 | 2021-07-21 |
| CVE-2019-10256 | An authentication bypass vulnerability in VIVOTEK IPCam versions prior to 0x13a was found. | 9.8 - CRITICAL | 2019-09-10 | 2020-08-24 |
| CVE-2018-18244 | Cross-site scripting in syslog.html in VIVOTEK Network Camera Series products with firmware 0x06x to 0x08x allows remote atta... | 6.1 - MEDIUM | 2019-01-03 | 2019-01-14 |
| CVE-2018-18005 | Cross-site scripting in event_script.js in VIVOTEK Network Camera Series products with firmware 0x06x to 0x08x allows remote ... | 6.1 - MEDIUM | 2019-01-03 | 2019-01-14 |
| CVE-2018-18004 | Incorrect Access Control in mod_inetd.cgi in VIVOTEK Network Camera Series products with firmware before XXXXXX-VVTK-0X09a al... | 5.3 - MEDIUM | 2019-01-03 | 2020-08-24 |
| CVE-2018-14771 | VIVOTEK FD8177 devices before XXXXXX-VVTK-xx06a allow remote attackers to execute arbitrary code (issue 2 of 2) via eventscri... | 8.8 - HIGH | 2018-09-05 | 2020-08-24 |
| CVE-2018-14770 | VIVOTEK FD8177 devices before XXXXXX-VVTK-xx06a allow remote attackers to execute arbitrary code (issue 1 of 2) via the ONVIF... | 8.8 - HIGH | 2018-09-05 | 2020-08-24 |
| CVE-2018-14769 | VIVOTEK FD8177 devices before XXXXXX-VVTK-xx06a allow CSRF. | 8.8 - HIGH | 2018-09-05 | 2018-11-13 |
| CVE-2018-14768 | Various VIVOTEK FD8*, FD9*, FE9*, IB8*, IB9*, IP9*, IZ9*, MS9*, SD9*, and other devices before XXXXXX-VVTK-xx06a allow remote... | 8.8 - HIGH | 2018-08-29 | 2020-08-24 |
| CVE-2018-14496 | ** DISPUTED ** Vivotek FD8136 devices allow remote memory corruption and remote code execution because of a stack-based buffe... | 9.8 - CRITICAL | 2019-07-10 | 2023-11-07 |
| CVE-2018-14495 | ** DISPUTED ** Vivotek FD8136 devices allow Remote Command Injection, aka "another command injection vulnerability in our tar... | 9.8 - CRITICAL | 2019-07-10 | 2023-11-07 |
| CVE-2018-14494 | ** DISPUTED ** Vivotek FD8136 devices allow Remote Command Injection, related to BusyBox and wget. NOTE: the vendor sent a cl... | 9.8 - CRITICAL | 2019-07-10 | 2023-11-07 |
| CVE-2017-9829 | '/cgi-bin/admin/downloadMedias.cgi' of the web service in most of the VIVOTEK Network Cameras is vulnerable, which allows rem... | 7.5 - HIGH | 2017-06-23 | 2017-07-05 |
| CVE-2017-9828 | '/cgi-bin/admin/testserver.cgi' of the web service in most of the VIVOTEK Network Cameras is vulnerable to shell command inje... | 9.8 - CRITICAL | 2017-06-23 | 2019-10-03 |
| CVE-2013-4985 | Multiple Vivotek IP Cameras remote authentication bypass that could allow access to the video stream | 7.5 - HIGH | 2019-12-27 | 2020-01-17 |
| CVE-2013-1598 | A Command Injection vulnerability exists in Vivotek PT7135 IP Cameras 0300a and 0400a via the system.ntp parameter to the far... | 8.8 - HIGH | 2020-01-24 | 2020-01-31 |
| CVE-2013-1597 | A Directory Traversal vulnerability exists in Vivotek PT7135 IP Cameras 0300a and 0400a via a specially crafted GET request, ... | 6.5 - MEDIUM | 2020-01-24 | 2020-01-27 |
Known software with vulnerabilities from Vivotek
| Type | Vendor | Product | Version |
|---|---|---|---|
| Hardware | Vivotek | Camera | - |
| Hardware | Vivotek | Cc8160 | - |
| Hardware | Vivotek | Cc8160hs | - |
| Operating System | Vivotek | Cc8160hs Firmware | 0113b |
| Operating System | Vivotek | Cc8160 Firmware | 0113b |
| Hardware | Vivotek | Cc8370-hv | - |
| Operating System | Vivotek | Cc8370-hv Firmware | 0213b |
| Hardware | Vivotek | Cc8371-hv | - |
| Operating System | Vivotek | Cc8371-hv Firmware | 0113b |
| Hardware | Vivotek | Cc9381-hv | - |
| Operating System | Vivotek | Cc9381-hv Firmware | 0222g |
| Hardware | Vivotek | Cd8371-hntv | - |
| Operating System | Vivotek | Cd8371-hntv Firmware | 0113b |
| Hardware | Vivotek | Cd8371-hnvf2 | - |
| Operating System | Vivotek | Cd8371-hnvf2 Firmware | 0113b |
| Hardware | Vivotek | Fd8166a | - |
| Operating System | Vivotek | Fd8166a Firmware | 0213b |
| Hardware | Vivotek | Fd8166a-n | - |
| Operating System | Vivotek | Fd8166a-n Firmware | 0113b |
| Hardware | Vivotek | Fd8167a | - |