CVE-2026-30649
published 2026-06-02CVE-2026-30649: Buffer Overflow vulnerability in VIVOTEK INC FD8136-VVTK-0300a allows a remote attacker to execute arbitrary code via the set_getparam.cgi component
PriorityP343high7.3CVSS 3.1
AVNACLPRNUINSUCLILAL
EPSS
0.43%
34.2th percentile
Buffer Overflow vulnerability in VIVOTEK INC FD8136-VVTK-0300a allows a remote attacker to execute arbitrary code via the set_getparam.cgi component
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| vivotek | fd8136_firmware | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
VulDB
Vivotek FD8136-VVTK set_getparam.cgi buffer overflow
vuldb·2026-06-02
CVE-2026-30649 [CRITICAL] Vivotek FD8136-VVTK set_getparam.cgi buffer overflow
A vulnerability, which was classified as critical, was found in Vivotek FD8136-VVTK. Affected by this issue is some unknown functionality of the file set_getparam.cgi. Such manipulation leads to buffer overflow.
This vulnerability is documented as CVE-2026-30649. The attack can be executed remotely. There is not any exploit available.
GHSA
Buffer Overflow vulnerability in VIVOTEK INC FD8136-VVTK-0300a allows a remote attacker to execute arbitrary code via the set_getparam.cgi component
ghsa_unreviewed·2026-06-02
CVE-2026-30649 [HIGH] CWE-121 Buffer Overflow vulnerability in VIVOTEK INC FD8136-VVTK-0300a allows a remote attacker to execute arbitrary code via the set_getparam.cgi component
Buffer Overflow vulnerability in VIVOTEK INC FD8136-VVTK-0300a allows a remote attacker to execute arbitrary code via the set_getparam.cgi component
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2026-06-02
Published