Authentication Bypass Vulnerability in Vivotek IP7137 Camera
CVE-2025-66050

9.3CRITICAL

Key Information:

Vendor: Vivotek
Status: Ip7137
Vendor: CVE Published:; 9 January 2026

What is CVE-2025-66050?

The Vivotek IP7137 camera exhibits an authentication bypass vulnerability where the device allows administrative access without requiring a password by default. While users can configure a password, the system fails to alert them to this requirement, leaving the device unnecessarily exposed. With the product having entered its End-of-Life phase, there are no forthcoming updates to address this significant security oversight, potentially affecting all firmware versions of the camera.

Affected Version(s)

IP7137 0200a

References

https://cert.pl/posts/2026/01/CVE-2025-66049

third-party-advisory

CVSS V4

Score:

9.3

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Timeline

Vulnerability published
Jan 9, 2026
Vulnerability Reserved
Nov 21, 2025

Credit

Szymon Paszun

JSON