Remote Code Execution Vulnerability in Vivotek Network Cameras
CVE-2024-26548

9.8CRITICAL

Key Information:

Vendor: Vivotek
Status: Network Camera
Vendor: CVE Published:; 29 February 2024

What is CVE-2024-26548?

A remote code execution vulnerability has been identified in the Vivotek FD8166A Network Camera version VVTK-0204j. The flaw allows attackers to execute arbitrary code by sending a specially crafted payload through the upload_file.cgi component. This vulnerability can potentially lead to unauthorized control over the device, compromising its security and functionality. It is crucial for users to apply necessary patches and monitoring to safeguard against exploitation.

References

https://github.com/cwh031600/vivotek/blob/main/vivotek-FD...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 29, 2024
Vulnerability Reserved
Feb 19, 2024