CVE-2026-30652
HighCVSS 8.8Exploitation Probability (EPSS)
Low risk41th percentile - higher than 41% of all known CVEs
Summary
A remote buffer overflow vulnerability exists in the /cgi-bin/dido/setdo.cgi endpoint of the admin interface of Vivotek FD8136 cameras running firmware version FD8136-VVTK-0300a. This flaw allows an authenticated attacker to execute arbitrary code as root on the device.
Risk Assessment
The organization is at risk of complete compromise of the camera by an authenticated attacker, potentially leading to espionage, sabotage, or use of the device as an entry point into the internal network.
Recommendation
Immediately update the firmware of Vivotek FD8136 cameras to the latest version if available, or restrict access to the admin interface to trusted networks and users only.
Original NVD description (English source)
A remote buffer overflow vulnerability exists in the /cgi-bin/dido/setdo.cgi endpoint of the admin interface of Vivotek FD8136 cameras running firmware version FD8136-VVTK-0300a. This flaw allows an authenticated attacker to execute arbitrary code as root on the device.

