Remote Code Execution Vulnerability in Various VIVOTEK Surveillance Devices
CVE-2018-14768

8.8HIGH

Key Information:

Vendor: Vivotek
Status: Camera
Vendor: CVE Published:; 29 August 2018

What is CVE-2018-14768?

VIVOTEK surveillance devices, including various models like FD8*, FD9*, and IB9*, are subject to a vulnerability that allows remote attackers to execute arbitrary code. This security flaw can occur without authentication, posing a significant risk to the integrity and security of the affected systems. Users are urged to review security advisories and apply patches to safeguard their devices against potential exploitation.

References

http://download.vivotek.com/downloadfile/support/cyber-se...

x_refsource_CONFIRM

https://www.vivotek.com/website/support/cybersecurity/

x_refsource_CONFIRM

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 29, 2018
Vulnerability Reserved
Jul 31, 2018

Vivotek

What is CVE-2018-14768?

References

CVSS V3.1

Timeline