Description
Buffer Overflow vulnerability in VIVOTEK INC FD8136-VVTK-0300a allows a remote attacker to execute arbitrary code via the set_getparam.cgi component
Published: 2026-06-02
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a classic buffer overflow in the set_getparam.cgi component of VIVOTEK INC FD8136-VVTK-0300a firmware. An attacker who can reach the device’s web interface can supply an oversized payload that overwrites memory and thereby gain arbitrary code execution, directly compromising the confidentiality, integrity, and availability of the device and any systems it connects to.

Affected Systems

VIVOTEK’s FD8136-VVTK-0300a camera firmware is affected. No specific firmware revisions are listed, so any deployment of this product model should be reviewed for the presence of the set_getparam.cgi component. Users should verify the firmware version and consult VIVOTEK documentation.

Risk and Exploitability

The risk is high because the flaw enables remote code execution via a web interface that is typically reachable over the network. No EPSS score is available, and the vulnerability is not in CISA’s KEV catalog, but the lack of mitigation data does not reduce the severity implied by the CVE description. Attackers can exploit this remotely without user interaction, making the window of opportunity large. Organizations should treat this as a critical threat.

Generated by OpenCVE AI on June 2, 2026 at 16:30 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the device firmware to a release supplied by VIVOTEK that patches set_getparam.cgi, once one is available.
  • Restrict external access to the device’s web interface by placing the device behind a firewall or VLAN and allowing only trusted management networks.
  • Disable the set_getparam.cgi service if not needed, or block the URL via the device’s access controls.
  • Apply network segmentation and monitor for suspicious traffic targeting CGI endpoints.

Advisories

No advisories yet.

History

Tue, 02 Jun 2026 17:00:00 +0000

Type | Values Removed | Values Added
Title | | Buffer Overflow in VIVOTEK Camera Firmware Allows Remote Code Execution
Weaknesses | | CWE-119

Tue, 02 Jun 2026 15:45:00 +0000

Type | Values Removed | Values Added
Description | | Buffer Overflow vulnerability in VIVOTEK INC FD8136-VVTK-0300a allows a remote attacker to execute arbitrary code via the set_getparam.cgi component
References

MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-06-02T14:40:29.584Z

Reserved: 2026-03-04T00:00:00.000Z

Link: CVE-2026-30649

Vulnrichment

No data.

NVD

Status: Awaiting Analysis

Published: 2026-06-02T16:16:35.213

Modified: 2026-06-02T17:20:35.733

Link: CVE-2026-30649

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-02T16:45:13Z

Weaknesses