CVE-2018-14494
Published 2019-07-10
Priority: P3 · 56 · critical · 9.8 CVSS 3.0
AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:H
EPSS: 3.23% (86.7th percentile)
Vivotek FD8136 devices allow Remote Command Injection, related to BusyBox and wget. NOTE: the vendor sent a clarification on 2019-09-17 explaining that, although this CVE was first populated in July 2019, it is a historical vulnerability that does not apply to any current or recent Vivotek hardware or firmware
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| vivotek | fd8136_firmware | — | — |
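CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 9.8 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 10.0 | CRITICAL | AV:N/AC:L/Au:N/C:C/I:C/A:C |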
GHSA
GHSA-8q8q-vh64-gvf8
ghsa_unreviewed · 2022-05-24 · CVSS 9.8
CVE-2018-14495 [CRITICAL] CWE-78: Vivotek FD8136 devices allow Remote Command Injection, aka "another command injection vulnerability in our target device," a different issue than CVE-2018-14494.
GHSA
GHSA-vmg5-8mj7-8fr8
ghsa_unreviewed · 2022-05-24
CVE-2018-14494 [CRITICAL] CWE-78: Vivotek FD8136 devices allow Remote Command Injection, related to BusyBox and wget.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://www.vdalabs.com/2018/07/23/professional-iot-hacking-series-target-selection-firmware-analysis/
https://www.vdalabs.com/2018/08/06/professional-iot-hacking-series-hunting-remote-command-injection/
Published: 2019-07-10