Path Traversal Vulnerability in VIVOTEK INC FD8136-VVTK Firmware
CVE-2026-35718

6.5MEDIUM

Key Information:

Vendor
CVE Published:
2 June 2026

What is CVE-2026-35718?

A path traversal vulnerability exists in the /admin/downloadMedias.cgi endpoint of VIVOTEK INC FD8136-VVTK firmware version 0300a. This vulnerability allows authenticated attackers to construct specially crafted requests that can read arbitrary files on the device. Such access can expose sensitive information stored within the device, posing significant security risks to users.

References

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.