CVE-2026-30650
HighCVSS 8.8Exploitation Probability (EPSS)
Low risk44th percentile - higher than 44% of all known CVEs
Summary
A post-authentication remote buffer overflow vulnerability exists in the /cgi-bin/admin/eventtask.cgi endpoint of the admin interface of Vivotek FD8136 cameras running firmware version FD8136-VVTK-0300a. This flaw allows an authenticated attacker to execute arbitrary code as root on the device remotely.
Risk Assessment
The organization faces complete compromise of the camera by an authenticated attacker, potentially leading to espionage, disruption of surveillance, or use of the device as an entry point into the internal network.
Recommendation
Immediately update the camera firmware to the latest version if a patch is available. In the meantime, restrict access to the admin interface to trusted IP addresses only and enforce strong passwords.
Original NVD description (English source)
A post-authentication remote buffer overflow vulnerability exists in the /cgi-bin/admin/eventtask.cgi endpoint of the admin interface of Vivotek FD8136 cameras running firmware version FD8136-VVTK-0300a. This flaw allows an authenticated attacker to execute arbitrary code as root on the device remotely.

