CVE Catalog

CVE-2026-35716

MediumCVSS 6.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.32%

24th percentile - higher than 24% of all known CVEs

Summary

A stack-based buffer overflow in the motion_privacy.cgi binary of VIVOTEK FD8136 firmware FD8136-VVTK-0300a allows an authenticated remote attacker to execute arbitrary code as root by sending a POST request with an oversized n1 parameter to one of three endpoints.

Risk Assessment

An attacker can gain full control over the IP camera, potentially accessing video streams, altering configuration, or using the device as an entry point into the organization's internal network.

Recommendation

Immediately update the VIVOTEK FD8136 firmware to the latest version if a patch is available. In the meantime, restrict access to the camera's management interface to trusted IP addresses and enforce strong authentication.

Original NVD description (English source)

A stack-based buffer overflow in the motion_privacy.cgi binary in VIVOTEK FD8136 firmware FD8136-VVTK-0300a allows authenticated remote attackers to execute arbitrary code as root via an oversized n1 parameter in a POST request to the /cgi-bin/admin/setpm.cgi, /cgi-bin/admin/setmd.cgi, or /cgi-bin/admin/setmd_profile.cgi endpoint (all symlinks to the same binary). The parameter value is copied into a fixed-size 0xa4-byte stack buffer without bounds checking, overwriting the saved link register. The binary is compiled without stack canaries.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS