Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Vivotek Affected device model numbers are FD8365, FD8365v2, FD9165, FD9171, FD9187, FD9189, FD9365, FD9371, FD9381, FD9387, FD9389, FD9391,FE9180,FE9181, FE9191, FE9381, FE9382, FE9391, FE9582, IB9365, IB93587LPR, IB9371,IB9381, IB9387, IB9389, IB939,IP9165,IP9171, IP9172, IP9181, IP9191, IT9389, MA9321, MA9322, MS9321, MS9390, TB9330 (Firmware modules) allows OS Command Injection.This issue affects Affected device model numbers are FD8365, FD8365v2, FD9165, FD9171, FD9187, FD9189, FD9365, FD9371, FD9381, FD9387, FD9389, FD9391,FE9180,FE9181, FE9191, FE9381, FE9382, FE9391, FE9582, IB9365, IB93587LPR, IB9371,IB9381, IB9387, IB9389, IB939,IP9165,IP9171, IP9172, IP9181, IP9191, IT9389, MA9321, MA9322, MS9321, MS9390, TB9330: 0100a, 0106a, 0106b, 0107a, 0107b_1, 0109a, 0112a, 0113a, 0113d, 0117b, 0119e, 0120b, 0121, 0121d, 0121d_48573_1, 0122e, 0124d_48573_1, 012501, 012502, 0125c.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact High

Subsequent System Integrity Impact High

Subsequent System Availability Impact High

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00942.

Exploitation poc

Automatable yes

Technical Impact total

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions
Vivotek Affected device model numbers are FD8365, FD8365v2, FD9165, FD9171, FD9187, FD9189, FD9365, FD9371, FD9381, FD9387, FD9389, FD9391,FE9180,FE9181, FE9191, FE9381, FE9382, FE9391, FE9582, IB9365, IB93587LPR, IB9371,IB9381, IB9387, IB9389, IB939,IP9165,IP9171, IP9172, IP9181, IP9191, IT9389, MA9321, MA9322, MS9321, MS9390, TB9330 unaffected
Version Status Constraints
0100a affected
0106a affected
0106b affected
0107a affected
0107b_1 affected
0109a affected
0112a affected
0113a affected
0113d affected
0117b affected
0119e affected
0120b affected
0121 affected
0121d affected
0121d_48573_1 affected
0122e affected
0124d_48573_1 affected
012501 affected
012502 affected
0125c affected

No data.

No data.

OpenCVE Enrichment is a feature of OpenCVE that uses AI to automatically link vendors and products to CVEs. Learn more on GitHub.

Vendors Products
Vivotek Subscribe
Fd8365 Subscribe
Fd8365v2 Subscribe
Fd9165 Subscribe
Fd9171 Subscribe
Fd9187 Subscribe
Fd9189 Subscribe
Fd9365 Subscribe
Fd9371 Subscribe
Fd9381 Subscribe
Fd9387 Subscribe
Fd9389 Subscribe
Fd9391 Subscribe
Fe9180 Subscribe
Fe9181 Subscribe
Fe9191 Subscribe
Fe9381 Subscribe
Fe9382 Subscribe
Fe9391 Subscribe
Fe9582 Subscribe
Ib93587lpr Subscribe
Ib9365 Subscribe
Ib9371 Subscribe
Ib9381 Subscribe
Ib9387 Subscribe
Ib9389 Subscribe
Ib939 Subscribe
Ip9165 Subscribe
Ip9171 Subscribe
Ip9172 Subscribe
Ip9181 Subscribe
Ip9191 Subscribe
It9389 Subscribe
Ma9321 Subscribe
Ma9322 Subscribe
Ms9321 Subscribe
Ms9390 Subscribe
Tb9330 Subscribe

Project Subscriptions

Vendors Products
Vivotek Subscribe
Fd8365 Subscribe
Fd8365v2 Subscribe
Fd9165 Subscribe
Fd9171 Subscribe
Fd9187 Subscribe
Fd9189 Subscribe
Fd9365 Subscribe
Fd9371 Subscribe
Fd9381 Subscribe
Fd9387 Subscribe
Fd9389 Subscribe
Fd9391 Subscribe
Fe9180 Subscribe
Fe9181 Subscribe
Fe9191 Subscribe
Fe9381 Subscribe
Fe9382 Subscribe
Fe9391 Subscribe
Fe9582 Subscribe
Ib93587lpr Subscribe
Ib9365 Subscribe
Ib9371 Subscribe
Ib9381 Subscribe
Ib9387 Subscribe
Ib9389 Subscribe
Ib939 Subscribe
Ip9165 Subscribe
Ip9171 Subscribe
Ip9172 Subscribe
Ip9181 Subscribe
Ip9191 Subscribe
It9389 Subscribe
Ma9321 Subscribe
Ma9322 Subscribe
Ms9321 Subscribe
Ms9390 Subscribe
Tb9330 Subscribe
Advisories

No advisories yet.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References
Link Providers
http://www.vapidlabs.com/advisory.php?v=220 cve-icon cve-icon
https://www.akamai.com/blog/security-research/command-injection-vivotek-legacy-firmware-need-to-know cve-icon cve-icon
History

Tue, 20 Jan 2026 20:45:00 +0000

Type Values Removed Values Added
Title Remote code injection via upload_map.cgi in Legacy Vivotek Devices Legacy Vivotek Camera Firmware Command Injection in upload_map.cgi
References

Wed, 14 Jan 2026 11:15:00 +0000

Type Values Removed Values Added
First Time appeared Vivotek
Vivotek fd8365
Vivotek fd8365v2
Vivotek fd9165
Vivotek fd9171
Vivotek fd9187
Vivotek fd9189
Vivotek fd9365
Vivotek fd9371
Vivotek fd9381
Vivotek fd9387
Vivotek fd9389
Vivotek fd9391
Vivotek fe9180
Vivotek fe9181
Vivotek fe9191
Vivotek fe9381
Vivotek fe9382
Vivotek fe9391
Vivotek fe9582
Vivotek ib93587lpr
Vivotek ib9365
Vivotek ib9371
Vivotek ib9381
Vivotek ib9387
Vivotek ib9389
Vivotek ib939
Vivotek ip9165
Vivotek ip9171
Vivotek ip9172
Vivotek ip9181
Vivotek ip9191
Vivotek it9389
Vivotek ma9321
Vivotek ma9322
Vivotek ms9321
Vivotek ms9390
Vivotek tb9330
Vendors & Products Vivotek
Vivotek fd8365
Vivotek fd8365v2
Vivotek fd9165
Vivotek fd9171
Vivotek fd9187
Vivotek fd9189
Vivotek fd9365
Vivotek fd9371
Vivotek fd9381
Vivotek fd9387
Vivotek fd9389
Vivotek fd9391
Vivotek fe9180
Vivotek fe9181
Vivotek fe9191
Vivotek fe9381
Vivotek fe9382
Vivotek fe9391
Vivotek fe9582
Vivotek ib93587lpr
Vivotek ib9365
Vivotek ib9371
Vivotek ib9381
Vivotek ib9387
Vivotek ib9389
Vivotek ib939
Vivotek ip9165
Vivotek ip9171
Vivotek ip9172
Vivotek ip9181
Vivotek ip9191
Vivotek it9389
Vivotek ma9321
Vivotek ma9322
Vivotek ms9321
Vivotek ms9390
Vivotek tb9330

Tue, 13 Jan 2026 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Tue, 13 Jan 2026 15:30:00 +0000

Type Values Removed Values Added
Title Use of default login credentials in Legacy Vivotek Devices Remote code injection via upload_map.cgi in Legacy Vivotek Devices

Tue, 13 Jan 2026 15:15:00 +0000

Type Values Removed Values Added
Description Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Vivotek Affected device model numbers are FD8365, FD8365v2, FD9165, FD9171, FD9187, FD9189, FD9365, FD9371, FD9381, FD9387, FD9389, FD9391,FE9180,FE9181, FE9191, FE9381, FE9382, FE9391, FE9582, IB9365, IB93587LPR, IB9371,IB9381, IB9387, IB9389, IB939,IP9165,IP9171, IP9172, IP9181, IP9191, IT9389, MA9321, MA9322, MS9321, MS9390, TB9330 (Firmware modules) allows OS Command Injection.This issue affects Affected device model numbers are FD8365, FD8365v2, FD9165, FD9171, FD9187, FD9189, FD9365, FD9371, FD9381, FD9387, FD9389, FD9391,FE9180,FE9181, FE9191, FE9381, FE9382, FE9391, FE9582, IB9365, IB93587LPR, IB9371,IB9381, IB9387, IB9389, IB939,IP9165,IP9171, IP9172, IP9181, IP9191, IT9389, MA9321, MA9322, MS9321, MS9390, TB9330: 0100a, 0106a, 0106b, 0107a, 0107b_1, 0109a, 0112a, 0113a, 0113d, 0117b, 0119e, 0120b, 0121, 0121d, 0121d_48573_1, 0122e, 0124d_48573_1, 012501, 012502, 0125c.
Title Use of default login credentials in Legacy Vivotek Devices
Weaknesses CWE-77
References
Metrics cvssV4_0

{'score': 9.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:P/AU:Y/U:Amber'}

Projects

Sign in to view the affected projects.

cve-icon MITRE

Status: PUBLISHED

Assigner: larry_cashdollar

Published:

Updated: 2026-01-20T20:33:02.780Z

Reserved: 2026-01-09T14:27:11.646Z

Link: CVE-2026-22755

cve-icon Vulnrichment

Updated: 2026-01-13T15:29:47.058Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-01-13T15:16:01.193

Modified: 2026-01-20T21:16:07.330

Link: CVE-2026-22755

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-01-14T11:08:45Z

Weaknesses