Description
A remote buffer overflow vulnerability exists in the /cgi-bin/dido/setdo.cgi endpoint of the admin interface of Vivotek FD8136 cameras running firmware version FD8136-VVTK-0300a. This flaw allows an authenticated attacker to execute arbitrary code as root on the device.
Published: 2026-06-02
Score: 8.8 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A remote buffer overflow exists in the /cgi-bin/dido/setdo.cgi endpoint of the admin interface of Vivotek FD8136 cameras. The flaw can be exploited only by an authenticated user and permits execution of arbitrary code with root privileges on the device, making the camera fully compromised.

Affected Systems

Vivotek FD8136 series cameras running firmware version FD8136-VVTK-0300a.

Risk and Exploitability

The vulnerability has an EPSS score of less than 1% and is not listed in the CISA KEV catalog, indicating limited documented exploitation. The CVSS score is 8.8, signifying high severity, and the flaw requires authentication. Once authenticated, exploitation of the buffer overflow allows full control of the device, presenting a high impact scenario for the affected cameras.

Generated by OpenCVE AI on June 3, 2026 at 20:56 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply an official firmware update that patches the buffer overflow (CWE-120) on the Vivotek FD8136 camera
  • Restrict administrative access to the camera’s web interface using firewall rules or VLAN segmentation
  • If necessary, disable the /cgi-bin/dido/setdo.cgi endpoint or disable all CGI functionality that is not required

Generated by OpenCVE AI on June 3, 2026 at 20:56 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 03 Jun 2026 21:15:00 +0000

Type Values Removed Values Added
Title Remote Buffer Overflow in Vivotek FD8136 Camera Admin Interface Allows Root Code Execution

Wed, 03 Jun 2026 19:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Wed, 03 Jun 2026 18:45:00 +0000

Type Values Removed Values Added
First Time appeared Vivotek fd8136 Firmware
CPEs cpe:2.3:h:vivotek:fd8136:-:*:*:*:*:*:*:*
cpe:2.3:o:vivotek:fd8136_firmware:0300a:*:*:*:*:*:*:*
Vendors & Products Vivotek fd8136 Firmware
Metrics cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

Tue, 02 Jun 2026 17:15:00 +0000

Type Values Removed Values Added
Title Remote Buffer Overflow in Vivotek FD8136 Camera Admin Interface Allows Root Code Execution
Weaknesses CWE-120

Tue, 02 Jun 2026 16:45:00 +0000

Type Values Removed Values Added
First Time appeared Vivotek
Vivotek fd8136
Vendors & Products Vivotek
Vivotek fd8136

Tue, 02 Jun 2026 15:45:00 +0000

Type Values Removed Values Added
Description A remote buffer overflow vulnerability exists in the /cgi-bin/dido/setdo.cgi endpoint of the admin interface of Vivotek FD8136 cameras running firmware version FD8136-VVTK-0300a. This flaw allows an authenticated attacker to execute arbitrary code as root on the device.
References

Subscriptions

Vivotek Fd8136 Fd8136 Firmware
cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-06-03T17:36:48.524Z

Reserved: 2026-03-04T00:00:00.000Z

Link: CVE-2026-30652

cve-icon Vulnrichment

Updated: 2026-06-03T17:36:29.399Z

cve-icon NVD

Status : Modified

Published: 2026-06-02T16:16:35.480

Modified: 2026-06-03T19:16:25.790

Link: CVE-2026-30652

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-03T21:00:06Z

Weaknesses
  • CWE-120

    Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')