Remote Command Injection Vulnerability in Vivotek FD8136 Devices
CVE-2018-14495

9.8CRITICAL

Key Information:

Vendor: Vivotek
Status: Fd8136 Firmware
Vendor: CVE Published:; 10 July 2019

What is CVE-2018-14495?

Vivotek FD8136 devices are susceptible to a remote command injection vulnerability that allows attackers to execute arbitrary commands on the device. This issue can be exploited to compromise the integrity of the device by sending specially crafted requests. The vendor has disputed the classification of this issue as a vulnerability, arguing that it does not lead to a crash or performance degradation. However, the potential for exploitation raises concerns about the security of Vivotek FD8136 devices in an IoT environment.

References

https://www.vdalabs.com/2018/07/23/professional-iot-hacki...

x_refsource_MISC

https://www.vdalabs.com/2018/08/06/professional-iot-hacki...

x_refsource_MISC

EPSS Score

18% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 10, 2019
Vulnerability Reserved
Jul 21, 2018