cvebase

Vivotek FD8136 Firmware vulnerabilities

9 known vulnerabilities affecting vivotek/fd8136_firmware.

Total CVEs: 9
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 3, HIGH 3, MEDIUM 3

Vulnerabilities

CVE-2026-30650 | P2 | HIGH | CVSS 8.8 | v0300a | 2026-06-02
CWE-120: A post-authentication remote buffer overflow vulnerability exists in the /cgi-bin/admin/eventtask.cgi endpoint of the admin interface of Vivotek FD8136 cameras running firmware version FD8136-VVTK-0300a. This flaw allows an authenticated attacker to execute arbitrary code as root on the device remotely.
nvd
CVE-2018-14496 | P2 | CRITICAL | CVSS 9.8 | v0301a | 2019-07-10
CWE-787: Vivotek FD8136 devices allow remote memory corruption and remote code execution because of a stack-based buffer overflow, related to sprintf, vlocal_buff_4326, and set_getparam.cgi. NOTE: The vendor has disputed this as a vulnerability and states that the issue does not cause a web server crash or have any other effect on its performance
nvd
CVE-2026-30652 | P2 | HIGH | CVSS 8.8 | v0300a | 2026-06-02
CWE-120: A remote buffer overflow vulnerability exists in the /cgi-bin/dido/setdo.cgi endpoint of the admin interface of Vivotek FD8136 cameras running firmware version FD8136-VVTK-0300a. This flaw allows an authenticated attacker to execute arbitrary code as root on the device.
nvd
CVE-2018-14495 | P2 | CRITICAL | CVSS 9.8 | v0301a | 2019-07-10
Vivotek FD8136 devices allow Remote Command Injection, aka "another command injection vulnerability in our target device," a different issue than CVE-2018-14494. NOTE: The vendor has disputed this as a vulnerability and states that the issue does not cause a web server crash or have any other effect on its performance
nvd
CVE-2018-14494 | P3 | CRITICAL | CVSS 9.8 | v0301a | 2019-07-10
CWE-78: Vivotek FD8136 devices allow Remote Command Injection, related to BusyBox and wget. NOTE: the vendor sent a clarification on 2019-09-17 explaining that, although this CVE was first populated in July 2019, it is a historical vulnerability that does not apply to any current or recent Vivotek hardware or firmware
nvd
CVE-2026-35717 | P3 | MEDIUM | CVSS 6.3 | v0300a | 2026-06-02
CWE-121: A stack-based buffer overflow in the export_language.cgi binary in VIVOTEK FD8136 firmware FD8136-VVTK-0300a allows authenticated remote attackers to execute arbitrary code as root via a crafted POST request to the /cgi-bin/admin/export_language.cgi endpoint. The handler passes the attacker-controlled Content-Length value directly to fread() as the
nvd
CVE-2026-35716 | P3 | MEDIUM | CVSS 6.3 | v0300a | 2026-06-02
CWE-121: A stack-based buffer overflow in the motion_privacy.cgi binary in VIVOTEK FD8136 firmware FD8136-VVTK-0300a allows authenticated remote attackers to execute arbitrary code as root via an oversized n1 parameter in a POST request to the /cgi-bin/admin/setpm.cgi, /cgi-bin/admin/setmd.cgi, or /cgi-bin/admin/setmd_profile.cgi endpoint (all symlinks to th
nvd
CVE-2026-30649 | P3 | HIGH | CVSS 7.3 | v0300a | 2026-06-02
CWE-121: Buffer Overflow vulnerability in VIVOTEK INC FD8136-VVTK-0300a allows a remote attacker to execute arbitrary code via the set_getparam.cgi component
nvd
CVE-2026-35718 | P3 | MEDIUM | CVSS 6.5 | v0300a | 2026-06-02
CWE-22: A path traversal vulnerability in the /admin/downloadMedias.cgi endpoint of VIVOTEK INC FD8136-VVTK firmware 0300a allows authenticated attackers to read any file on the device via sending a crafted request.
nvd