
CVE-2025-3403 – Vivotek NVR ND8422P/NVR ND9525P/NVR ND9541P HTML Form sensitive information in source
https://notcve.org/view.php?id=CVE-2025-3403
08 Apr 2025 — A vulnerability was found in Vivotek NVR ND8422P, NVR ND9525P and NVR ND9541P 2.4.0.204/3.3.0.104/4.2.0.101. It has been classified as problematic. Affected is an unknown function of the component HTML Form Handler. The manipulation leads to inclusion of sensitive information in source code. It is possible to launch the attack remotely. • https://github.com/lfparizzi/CVE-VIVOTEK-ID/blob/main/README.md • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor • CWE-540: Inclusion of Sensitive Information in Source Code •

CVE-2024-7443 – Vivotek IB8367A upload_file.cgi getenv command injection
https://notcve.org/view.php?id=CVE-2024-7443
03 Aug 2024 — A vulnerability classified as critical has been found in Vivotek IB8367A VVTK-0100b. Affected is the function getenv of the file upload_file.cgi. The manipulation of the argument QUERY_STRING leads to command injection. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-273528. • https://vuldb.com/?id.273528 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •

CVE-2024-7442 – Vivotek SD9364 upload_file.cgi getenv command injection
https://notcve.org/view.php?id=CVE-2024-7442
03 Aug 2024 — A vulnerability was found in Vivotek SD9364 VVTK-0103f. It has been rated as critical. This issue affects the function getenv of the file upload_file.cgi. The manipulation of the argument QUERY_STRING leads to command injection. The attack may be initiated remotely. • https://vuldb.com/?ctiid.273527 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •

CVE-2024-7441 – Vivotek SD9364 httpd read stack-based overflow
https://notcve.org/view.php?id=CVE-2024-7441
03 Aug 2024 — A vulnerability was found in Vivotek SD9364 VVTK-0103f. It has been declared as critical. This vulnerability affects the function read of the component httpd. The manipulation of the argument Content-Length leads to stack-based buffer overflow. The attack can be initiated remotely. • https://vuldb.com/?ctiid.273526 • CWE-121: Stack-based Buffer Overflow •

CVE-2024-7440 – Vivotek CC8160 upload_file.cgi getenv command injection
https://notcve.org/view.php?id=CVE-2024-7440
03 Aug 2024 — A vulnerability was found in Vivotek CC8160 VVTK-0100d. It has been classified as critical. This affects the function getenv of the file upload_file.cgi. The manipulation of the argument QUERY_STRING leads to command injection. It is possible to initiate the attack remotely. • https://vuldb.com/?ctiid.273525 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •

CVE-2024-7439 – Vivotek CC8160 httpd read stack-based overflow
https://notcve.org/view.php?id=CVE-2024-7439
03 Aug 2024 — A vulnerability was found in Vivotek CC8160 VVTK-0100d and classified as critical. Affected by this issue is the function read of the component httpd. The manipulation of the argument Content-Length leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. • https://vuldb.com/?ctiid.273524 • CWE-121: Stack-based Buffer Overflow •

CVE-2024-26548
https://notcve.org/view.php?id=CVE-2024-26548
29 Feb 2024 — An issue in vivotek Network Camera v.FD8166A-VVTK-0204j allows a remote attacker to execute arbitrary code via a crafted payload to the upload_file.cgi component. • https://github.com/cwh031600/vivotek/blob/main/vivotek-FD8166A-uploadfile-dos/vivotek-FD8166A-uploadfile-analysis.md •

CVE-2020-11950
https://notcve.org/view.php?id=CVE-2020-11950
28 May 2020 — VIVOTEK Network Cameras before XXXXX-VVTK-2.2002.xx.01x (and before XXXXX-VVTK-0XXXX_Beta2) allow an authenticated user to upload and execute a script (with resultant execution of OS commands). For example, this affects IT9388-HT devices. • http://download.vivotek.com/downloadfile/support/cyber-security/vvtk-sa-2020-001-v1.pdf • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVE-2020-11949
https://notcve.org/view.php?id=CVE-2020-11949
28 May 2020 — testserver.cgi of the web service on VIVOTEK Network Cameras before XXXXX-VVTK-2.2002.xx.01x (and before XXXXX-VVTK-0XXXX_Beta2) allows an authenticated user to obtain arbitrary files from a camera's local filesystem. For example, this affects IT9388-HT devices. • http://download.vivotek.com/downloadfile/support/cyber-security/vvtk-sa-2020-001-v1.pdf •

CVE-2019-14458
https://notcve.org/view.php?id=CVE-2019-14458
18 Sep 2019 — VIVOTEK IP Camera devices with firmware before 0x20x allow a denial of service via a crafted HTTP header. • http://download.vivotek.com/downloadfile/support/cyber-security/vvtk-sa-2019-002-v1.pdf •