CVE Catalog

CVE-2026-30650

HighCVSS 8.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.60%

44th percentile - higher than 44% of all known CVEs

Summary

A post-authentication remote buffer overflow vulnerability exists in the /cgi-bin/admin/eventtask.cgi endpoint of the admin interface of Vivotek FD8136 cameras running firmware version FD8136-VVTK-0300a. This flaw allows an authenticated attacker to execute arbitrary code as root on the device remotely.

Risk Assessment

The organization faces complete compromise of the camera by an authenticated attacker, potentially leading to espionage, disruption of surveillance, or use of the device as an entry point into the internal network.

Recommendation

Immediately update the camera firmware to the latest version if a patch is available. In the meantime, restrict access to the admin interface to trusted IP addresses only and enforce strong passwords.

Original NVD description (English source)

A post-authentication remote buffer overflow vulnerability exists in the /cgi-bin/admin/eventtask.cgi endpoint of the admin interface of Vivotek FD8136 cameras running firmware version FD8136-VVTK-0300a. This flaw allows an authenticated attacker to execute arbitrary code as root on the device remotely.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS