Stack-based Buffer Overflow in VIVOTEK FD8136 Firmware
CVE-2026-35717
6.3MEDIUM
What is CVE-2026-35717?
The VIVOTEK FD8136 firmware contains a stack-based buffer overflow vulnerability within the export_language.cgi binary. Authenticated remote attackers can exploit this flaw by sending a specially crafted POST request to the /cgi-bin/admin/export_language.cgi endpoint. This vulnerability stems from the improper handling of the Content-Length value, which is directly passed to the fread() function as a size parameter, leading to potential overwriting of the stack's saved link register. Notably, the absence of stack canaries in the binary further exacerbates the risk, allowing attackers to execute arbitrary code with root privileges.
