Path Traversal Vulnerability in VIVOTEK INC FD8136-VVTK Firmware
CVE-2026-35718
6.5MEDIUM
What is CVE-2026-35718?
A path traversal vulnerability exists in the /admin/downloadMedias.cgi endpoint of VIVOTEK INC FD8136-VVTK firmware version 0300a. This vulnerability allows authenticated attackers to construct specially crafted requests that can read arbitrary files on the device. Such access can expose sensitive information stored within the device, posing significant security risks to users.
