
CVE-2024-7440 – Vivotek CC8160 upload_file.cgi getenv command injection
https://notcve.org/view.php?id=CVE-2024-7440
03 Aug 2024 — A vulnerability was found in Vivotek CC8160 VVTK-0100d. It has been classified as critical. This affects the function getenv of the file upload_file.cgi. The manipulation of the argument QUERY_STRING leads to command injection. It is possible to initiate the attack remotely. • https://vuldb.com/?ctiid.273525 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •

CVE-2024-7439 – Vivotek CC8160 httpd read stack-based overflow
https://notcve.org/view.php?id=CVE-2024-7439
03 Aug 2024 — A vulnerability was found in Vivotek CC8160 VVTK-0100d and classified as critical. Affected by this issue is the function read of the component httpd. The manipulation of the argument Content-Length leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. • https://vuldb.com/?ctiid.273524 • CWE-121: Stack-based Buffer Overflow •

CVE-2020-11950
https://notcve.org/view.php?id=CVE-2020-11950
28 May 2020 — VIVOTEK Network Cameras before XXXXX-VVTK-2.2002.xx.01x (and before XXXXX-VVTK-0XXXX_Beta2) allows an authenticated user to upload and execute a script (with resultant execution of OS commands). For example, this affects IT9388-HT devices. Las Cámaras de Red VIVOTEK versiones anteriores a XXXXX-VVTK-2.2002.xx.01x (y antes anteriores a XXXXX-VVTK-0XXXX_Beta2), permiten a un usuario autenticado cargar y ejecutar un script (con una ejecución resultante de comandos de Sistema Operativo). Por ejemplo, esto afect... • http://download.vivotek.com/downloadfile/support/cyber-security/vvtk-sa-2020-001-v1.pdf • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVE-2020-11949
https://notcve.org/view.php?id=CVE-2020-11949
28 May 2020 — testserver.cgi of the web service on VIVOTEK Network Cameras before XXXXX-VVTK-2.2002.xx.01x (and before XXXXX-VVTK-0XXXX_Beta2) allows an authenticated user to obtain arbitrary files from a camera's local filesystem. For example, this affects IT9388-HT devices. El archivo testserver.cgi del servicio web en las Cámaras de Red VIVOTEK versiones anteriores a XXXXX-VVTK-2.2002.xx.01x (y anteriores a XXXXX-VVTK-0XXXX_Beta2), permite a un usuario autenticado obtener archivos arbitrarios del sistema de archivos l... • http://download.vivotek.com/downloadfile/support/cyber-security/vvtk-sa-2020-001-v1.pdf •