CRITICAL🇵🇱 Wersja polska

CVE-2024-26548

CVSS 9.8v3.1pub. 2024-02-29upd. 2025-05-13

An issue in vivotek Network Camera v.FD8166A-VVTK-0204j allows a remote attacker to execute arbitrary code via a crafted payload to the upload_file.cgi component.

🤖 AI Analysis
How it works

An attacker sends a specially crafted payload to the upload_file.cgi component available on the device. This component does not properly validate the transmitted data, which allows arbitrary code execution on the device side. The attack can be carried out remotely, without the need to possess any access credentials.

Impact

An attacker can gain full control over the device by executing arbitrary code at its level. The consequence can be a breach of data confidentiality and integrity as well as complete loss of camera availability.

Mitigation & patch

Security patches available from the manufacturer should be applied in accordance with the references. It is also recommended to restrict network access to the camera's management interface through a firewall or network segmentation to minimize exposure to potential attackers.

Who is affected

Vivotek Network Camera FD8166A with firmware version VVTK-0204j

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Vivotek Camera

    HW
    Vivotek
    wszystkie wersje
  • Vivotek Camera Firmware

    OS
    Vivotek
    v.fd8166a-vvtk-0204j
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCE
CWE
References

Related vulnerabilities

CVE-2019-10256CRITICAL9.8ten sam produkt

An authentication bypass vulnerability in VIVOTEK IPCam versions prior to 0x13a was found.

CVE-2019-14457CRITICAL9.8ten sam produkt

VIVOTEK IP Camera devices with firmware before 0x20x have a stack-based buffer overflow via a crafted HTTP hea...

CVE-2019-14458HIGH7.5ten sam produkt

VIVOTEK IP Camera devices with firmware before 0x20x allow a denial of service via a crafted HTTP header.

CVE-2018-14769HIGH8.8ten sam produkt

VIVOTEK FD8177 devices before XXXXXX-VVTK-xx06a allow CSRF.

CVE-2018-14770HIGH8.8ten sam produkt

VIVOTEK FD8177 devices before XXXXXX-VVTK-xx06a allow remote attackers to execute arbitrary code (issue 1 of 2...