CVSS: 7.5EPSS: 27%CPEs: 6EXPL: 0CVE-2017-9829
https://notcve.org/view.php?id=CVE-2017-9829
'/cgi-bin/admin/downloadMedias.cgi' of the web service in most of the VIVOTEK Network Cameras is vulnerable, which allows remote attackers to read any file on the camera's Linux filesystem via a crafted HTTP request containing ".." sequences. This vulnerability is already verified on VIVOTEK Network Camera IB8369/FD8164/FD816BA; most others have similar firmware that may be affected. '/cgi-bin/admin/downloadMedias.cgi' del servicio web en la mayoría de las VIVOTEK Network Cameras es vulnerable, lo que permite a un atacante remoto leer cualquier archivo del sistema de ficheros Linux de las cámaras mediante una solicitud HTTP manipulada que contenga secuencias "..". Esta vulnerabilidad ya esta verificada en VIVOTEK Network Camera IB8369/FD8164/FD816BA; muchas de la otras tienen un firmware similar que también puede ser afectado. • https://blog.cal1.cn/post/An%20easy%20way%20to%20pwn%20most%20of%20the%20vivotek%20network%20cameras • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 10.0EPSS: 1%CPEs: 6EXPL: 0CVE-2017-9828
https://notcve.org/view.php?id=CVE-2017-9828
'/cgi-bin/admin/testserver.cgi' of the web service in most of the VIVOTEK Network Cameras is vulnerable to shell command injection, which allows remote attackers to execute any shell command as root via a crafted HTTP request. This vulnerability is already verified on VIVOTEK Network Camera IB8369/FD8164/FD816BA; most others have similar firmware that may be affected. An attack uses shell metacharacters in the senderemail parameter. '/cgi-bin/admin/testserver.cgi' del servicio web en la mayoría de las VIVOTEK Network Cameras es vulnerable a la inyección de un comando shell, lo que permite a un atacante remoto ejecutar cualquier comando shell como si fuera root mediante una solicitud HTTP manipulada. Esta vulnerabilidad ya esta verificada en VIVOTEK Network Camera IB8369/FD8164/FD816BA; muchas de las otras tienen un firmware similar que puede ser afectado. • https://blog.cal1.cn/post/An%20easy%20way%20to%20pwn%20most%20of%20the%20vivotek%20network%20cameras • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.5EPSS: 9%CPEs: 9EXPL: 3CVE-2013-4985 – Vivotek IP Cameras - RTSP Authentication Bypass
https://notcve.org/view.php?id=CVE-2013-4985
Multiple Vivotek IP Cameras remote authentication bypass that could allow access to the video stream Múltiples omisiones de autenticación remotas de Vivotek IP Cameras, que podría permitir acceso a la transmisión de video • https://www.exploit-db.com/exploits/29516 http://www.coresecurity.com/advisories/vivotek-ip-cameras-rtsp-authentication-bypass http://www.exploit-db.com/exploits/29516 http://www.securityfocus.com/bid/63541 • CWE-863: Incorrect Authorization •
CVSS: 7.5EPSS: 3%CPEs: 3EXPL: 4CVE-2013-1594 – Vivotek IP Cameras - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2013-1594
An Information Disclosure vulnerability exists via a GET request in Vivotek PT7135 IP Camera 0300a and 0400a due to wireless keys and 3rd party credentials stored in clear text. Se presenta una vulnerabilidad de divulgación de información por medio de una petición GET en Vivotek PT7135 IP Camera versiones 0300a y 0400a, debido a claves inalámbricas y credenciales de terceros almacenadas en texto sin cifrar. • https://www.exploit-db.com/exploits/25139 http://www.exploit-db.com/exploits/25139 http://www.securityfocus.com/bid/59572 https://exchange.xforce.ibmcloud.com/vulnerabilities/83943 https://github.com/offensive-security/exploitdb/blob/master/exploits/hardware/webapps/25139.txt https://packetstormsecurity.com/files/cve/CVE-2013-1594 https://www.coresecurity.com/advisories/vivotek-ip-cameras-multiple-vulnerabilities • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.3EPSS: 13%CPEs: 3EXPL: 3CVE-2013-1596 – Vivotek IP Cameras - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2013-1596
An Authentication Bypass Vulnerability exists in Vivotek PT7135 IP Camera 0300a and 0400a via specially crafted RTSP packets to TCP port 554. Se presenta una Vulnerabilidad de Omisión de Autenticación en Vivotek PT7135 IP Camera versiones 0300a y 0400a, por medio de paquetes RTSP especialmente diseñados para el puerto TCP 554. • https://www.exploit-db.com/exploits/25139 http://www.securityfocus.com/bid/59574 https://exchange.xforce.ibmcloud.com/vulnerabilities/83945 https://github.com/offensive-security/exploitdb/blob/master/exploits/hardware/webapps/25139.txt https://packetstormsecurity.com/files/cve/CVE-2013-1596 https://www.coresecurity.com/advisories/vivotek-ip-cameras-multiple-vulnerabilities • CWE-287: Improper Authentication •