Path Traversal Vulnerability in Vivotek IP7137 Camera
CVE-2025-66051

6.9MEDIUM

Key Information:

Vendor: Vivotek
Status: Ip7137
Vendor: CVE Published:; 9 January 2026

What is CVE-2025-66051?

The Vivotek IP7137 camera with firmware version 0200a is susceptible to a path traversal vulnerability. This flaw allows an authenticated attacker to manipulate direct HTTP requests to access sensitive files beyond the webroot directory. Additionally, due to a related issue, the administration panel lacks a default password, further elevating the risk. Given that the product has reached its End-Of-Life phase, no patches or fixes are anticipated, leaving it exposed to potential exploitation.

Affected Version(s)

IP7137 0200a

References

https://cert.pl/posts/2026/01/CVE-2025-66049

third-party-advisory

CVSS V4

Score:

6.9

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Timeline

Vulnerability published
Jan 9, 2026
Vulnerability Reserved
Nov 21, 2025

Credit

Szymon Paszun

JSON