Filtered by vendor Vivotek Subscriptions
Filtered by product Cc8160 Subscriptions
Total 4 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2020-11950 1 Vivotek 400 Cc8160, Cc8160\(hs\), Cc8160\(hs\) Firmware and 397 more 2024-11-21 8.8 High
VIVOTEK Network Cameras before XXXXX-VVTK-2.2002.xx.01x (and before XXXXX-VVTK-0XXXX_Beta2) allows an authenticated user to upload and execute a script (with resultant execution of OS commands). For example, this affects IT9388-HT devices.
CVE-2020-11949 1 Vivotek 388 Cc8160, Cc8160\(hs\), Cc8160\(hs\) Firmware and 385 more 2024-11-21 6.5 Medium
testserver.cgi of the web service on VIVOTEK Network Cameras before XXXXX-VVTK-2.2002.xx.01x (and before XXXXX-VVTK-0XXXX_Beta2) allows an authenticated user to obtain arbitrary files from a camera's local filesystem. For example, this affects IT9388-HT devices.
CVE-2024-7440 1 Vivotek 2 Cc8160, Cc8160 Firmware 2024-08-07 6.3 Medium
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in Vivotek CC8160 VVTK-0100d. It has been classified as critical. This affects the function getenv of the file upload_file.cgi. The manipulation of the argument QUERY_STRING leads to command injection. It is possible to initiate the attack remotely. The identifier VDB-273525 was assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed that the affected release tree is end-of-life.
CVE-2024-7439 1 Vivotek 2 Cc8160, Cc8160 Firmware 2024-08-06 8.8 High
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in Vivotek CC8160 VVTK-0100d and classified as critical. Affected by this issue is the function read of the component httpd. The manipulation of the argument Content-Length leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-273524. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed that the affected release tree is end-of-life.