CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2018-18244
https://notcve.org/view.php?id=CVE-2018-18244
Cross-site scripting in syslog.html in VIVOTEK Network Camera Series products with firmware 0x06x to 0x08x allows remote attackers to execute arbitrary JavaScript code via an HTTP Referer Header. Cross-Site Scripting (XSS) en syslog.html en los productos VIVOTEK Network Camera Series con un firmware entre 0x06x y 0x08x permite a los atacantes remotos ejecutar código arbitrario JavaScript mediante una cabecera HTTP Referer. • http://download.vivotek.com/downloadfile/support/cyber-security/vvtk-sa-2018-006-v1.pdf https://blog.securityevaluators.com/vivotek-ip-camera-vulnerabilities-discovered-and-exploited-2e2531ecd244 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.0EPSS: 4%CPEs: 1EXPL: 0CVE-2018-14770
https://notcve.org/view.php?id=CVE-2018-14770
VIVOTEK FD8177 devices before XXXXXX-VVTK-xx06a allow remote attackers to execute arbitrary code (issue 1 of 2) via the ONVIF interface, (/onvif/device_service). Los dispositivos VIVOTEK FD8177 en versiones anteriores a la XXXXXX-VVTK-xx06a permiten a los atacantes remotos ejecutar código arbitrario (problema 1 de 2) mediante la interfaz ONVIF (/onvif/device_service). • http://download.vivotek.com/downloadfile/support/cyber-security/vvtk-sa-2018-003-v1.pdf https://www.vivotek.com/website/support/cybersecurity •
CVSS: 9.0EPSS: 4%CPEs: 1EXPL: 0CVE-2018-14771
https://notcve.org/view.php?id=CVE-2018-14771
VIVOTEK FD8177 devices before XXXXXX-VVTK-xx06a allow remote attackers to execute arbitrary code (issue 2 of 2) via eventscript.cgi. Los dispositivos VIVOTEK FD8177 en versiones anteriores a la XXXXXX-VVTK-xx06a permiten que los atacantes remotos ejecuten código arbitrario (problema 2 de 2) mediante eventscript.cgi. • http://download.vivotek.com/downloadfile/support/cyber-security/vvtk-sa-2018-003-v1.pdf https://www.vivotek.com/website/support/cybersecurity •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-14769
https://notcve.org/view.php?id=CVE-2018-14769
VIVOTEK FD8177 devices before XXXXXX-VVTK-xx06a allow CSRF. Los dispositivos VIVOTEK FD8177 en versiones anteriores a la XXXXXX-VVTK-xx06a permiten Cross-Site Request Forgery (CSRF). • http://download.vivotek.com/downloadfile/support/cyber-security/vvtk-sa-2018-004-v1.pdf https://www.vivotek.com/website/support/cybersecurity • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2018-14768
https://notcve.org/view.php?id=CVE-2018-14768
Various VIVOTEK FD8*, FD9*, FE9*, IB8*, IB9*, IP9*, IZ9*, MS9*, SD9*, and other devices before XXXXXX-VVTK-xx06a allow remote attackers to execute arbitrary code. Varios dispositivos VIVOTEK FD8*, FD9*, FE9*, IB8*, IB9*, IP9*, IZ9*, MS9* y SD9*, y otros dispositivos en versiones anteriores a la XXXXXX-VVTK-xx06a, permiten que los atacantes remotos ejecuten código arbitrario. • http://download.vivotek.com/downloadfile/support/cyber-security/vvtk-sa-2018-003-v1.pdf https://www.vivotek.com/website/support/cybersecurity •