Stack-based Buffer Overflow in VIVOTEK FD8136 Firmware
CVE-2026-35716
6.3MEDIUM
What is CVE-2026-35716?
The VIVOTEK FD8136 firmware contains a stack-based buffer overflow vulnerability in the motion_privacy.cgi binary. This issue allows authenticated remote attackers to send specially crafted POST requests, exploiting the oversized n1 parameter. By doing so, they can execute arbitrary code with root privileges. The vulnerability arises because the parameter value is copied into a fixed-size 0xa4-byte stack buffer without proper bounds checking. As a result, it overwrites the saved link register. Additionally, the binary is compiled without stack canaries, further increasing the risk of exploitation.
