Browse all 12 CVE security advisories affecting Vivotek. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Vivotek specializes in IP surveillance cameras and video management systems for security monitoring. Historically, their products have been vulnerable to remote code execution, cross-site scripting, and privilege escalation flaws, often stemming from improper input validation and insecure default configurations. The company has faced scrutiny for vulnerabilities in web interfaces and firmware that could allow unauthorized access or system compromise. While no major public security incidents have been widely documented, the 12 recorded CVEs highlight ongoing security challenges in their IoT devices, emphasizing the need for regular patching and network segmentation to mitigate potential exploitation risks in critical infrastructure deployments.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-22755 | Legacy Vivotek Camera Firmware Command Injection in upload_map.cgi — Affected device model numbers are FD8365, FD8365v2, FD9165, FD9171, FD9187, FD9189, FD9365, FD9371, FD9381, FD9387, FD9389, FD9391,FE9180,FE9181, FE9191, FE9381, FE9382, FE9391, FE9582, IB9365, IB93587LPR, IB9371,IB9381, IB9387, IB9389, IB939,IP9165,IP9171, IP9172, IP9181, IP9191, IT9389, MA9321, MA9322, MS9321, MS9390, TB9330CWE-77 | 9.8AI | CriticalAI | 2026-01-13 |
| CVE-2025-66052 | Command injection in Vivotek IP7137 cameras — IP7137CWE-78 | 7.2 | - | 2026-01-09 |
| CVE-2025-66051 | Path traversal in Vivotek IP7137 cameras — IP7137CWE-22 | 8.1 | - | 2026-01-09 |
| CVE-2025-66050 | No password set for administrative account in Vivotek IP7137 cameras — IP7137CWE-1393 | 9.8 | - | 2026-01-09 |
| CVE-2025-66049 | Unprotected RTSP stream in Vivotek IP7137 cameras — IP7137CWE-306 | 7.5 | - | 2026-01-09 |
| CVE-2025-12592 | Use of default login credentials in Legacy Vivotek Devices — Affected device model numbers are FD7131-VVTK,FD7131-VVTK,FD7131-VVTK,FD7141-VVTK,IP7131-VVTK,IP7133-VVTK,IP7133-VVTK,IP7133-VVTK,IP7134-VVTK,IP7135-VVTK,IP7135-VVTK,IP7135-VVTK,IP7135-VVTK,IP7137-VVTK,IP7137-VVTK,IP7137-VVTK,IP7137-VVTK,IP7137-VVTK,IP7137-VVTK,IP7138-VVTK,IP7142-VVTK,IP7142-VVTK,IP7151-VVTK,IP7152-VVTK,IP7153-VVTK,IP7153-VVTK,IP7154-VVTK,IP7330-VVTK,IP7330-VVTK,IP7330-VVTK,IP8131-VVTK,IP8131-VVTK,IP8131-VVTK,IP8131W-VVTK,PT7135-VVTK,PT7137-TCON,PT7137-VVTK,PT7137-VVTK,PT7137-VVTK,PT7137-VVTK,PZ7131-VVTK,PZ7131-VVTK,PZ71X1-VVTK,PZ71X1-VVTK,PZ71X2-VVTK,SD73X3-VVTK,SD73X3-VVTK,SD73X3-VVTK,TC5330-VVTK,TC5332-TCVV,TC5333-TCVV,TC5633-TCVV,TC5633-VVTK,VS7100-VVTK,VS7100-VVTK,VS7100-VVTKCWE-1392 | 9.8AI | CriticalAI | 2025-11-19 |
| CVE-2025-3403 | Vivotek NVR ND8422P/NVR ND9525P/NVR ND9541P HTML Form sensitive information in source — NVR ND8422PCWE-540 | 2.7 | Low | 2025-04-08 |
| CVE-2024-7443 | Vivotek IB8367A upload_file.cgi getenv command injection — IB8367ACWE-77 | 6.3 | Medium | 2024-08-03 |
| CVE-2024-7442 | Vivotek SD9364 upload_file.cgi getenv command injection — SD9364CWE-77 | 6.3 | Medium | 2024-08-03 |
| CVE-2024-7441 | Vivotek SD9364 httpd read stack-based overflow — SD9364CWE-121 | 8.8 | High | 2024-08-03 |
| CVE-2024-7440 | Vivotek CC8160 upload_file.cgi getenv command injection — CC8160CWE-77 | 6.3 | Medium | 2024-08-03 |
| CVE-2024-7439 | Vivotek CC8160 httpd read stack-based overflow — CC8160CWE-121 | 8.8 | High | 2024-08-03 |
This page lists every published CVE security advisory associated with Vivotek. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.