Filtered by vendor Vivotek
Subscriptions
Filtered by product Cc8160
Subscriptions
Total
4 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2020-11950 | 1 Vivotek | 400 Cc8160, Cc8160\(hs\), Cc8160\(hs\) Firmware and 397 more | 2024-11-21 | 8.8 High |
VIVOTEK Network Cameras before XXXXX-VVTK-2.2002.xx.01x (and before XXXXX-VVTK-0XXXX_Beta2) allows an authenticated user to upload and execute a script (with resultant execution of OS commands). For example, this affects IT9388-HT devices. | ||||
CVE-2020-11949 | 1 Vivotek | 388 Cc8160, Cc8160\(hs\), Cc8160\(hs\) Firmware and 385 more | 2024-11-21 | 6.5 Medium |
testserver.cgi of the web service on VIVOTEK Network Cameras before XXXXX-VVTK-2.2002.xx.01x (and before XXXXX-VVTK-0XXXX_Beta2) allows an authenticated user to obtain arbitrary files from a camera's local filesystem. For example, this affects IT9388-HT devices. | ||||
CVE-2024-7440 | 1 Vivotek | 2 Cc8160, Cc8160 Firmware | 2024-08-07 | 6.3 Medium |
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in Vivotek CC8160 VVTK-0100d. It has been classified as critical. This affects the function getenv of the file upload_file.cgi. The manipulation of the argument QUERY_STRING leads to command injection. It is possible to initiate the attack remotely. The identifier VDB-273525 was assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed that the affected release tree is end-of-life. | ||||
CVE-2024-7439 | 1 Vivotek | 2 Cc8160, Cc8160 Firmware | 2024-08-06 | 8.8 High |
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in Vivotek CC8160 VVTK-0100d and classified as critical. Affected by this issue is the function read of the component httpd. The manipulation of the argument Content-Length leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-273524. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed that the affected release tree is end-of-life. |
Page 1 of 1.