CVE Catalog

CVE-2026-30652

HighCVSS 8.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.52%

41th percentile - higher than 41% of all known CVEs

Summary

A remote buffer overflow vulnerability exists in the /cgi-bin/dido/setdo.cgi endpoint of the admin interface of Vivotek FD8136 cameras running firmware version FD8136-VVTK-0300a. This flaw allows an authenticated attacker to execute arbitrary code as root on the device.

Risk Assessment

The organization is at risk of complete compromise of the camera by an authenticated attacker, potentially leading to espionage, sabotage, or use of the device as an entry point into the internal network.

Recommendation

Immediately update the firmware of Vivotek FD8136 cameras to the latest version if available, or restrict access to the admin interface to trusted networks and users only.

Original NVD description (English source)

A remote buffer overflow vulnerability exists in the /cgi-bin/dido/setdo.cgi endpoint of the admin interface of Vivotek FD8136 cameras running firmware version FD8136-VVTK-0300a. This flaw allows an authenticated attacker to execute arbitrary code as root on the device.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS