CVE Catalog

CVE-2026-35718

MediumCVSS 6.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.72%

50th percentile - higher than 50% of all known CVEs

Summary

A path traversal vulnerability in the /admin/downloadMedias.cgi endpoint of VIVOTEK INC FD8136-VVTK firmware 0300a allows authenticated attackers to read any file on the device via sending a crafted request.

Risk Assessment

The risk involves unauthorized reading of sensitive system files, configuration files, or user data, potentially leading to information disclosure and further attack escalation.

Recommendation

It is recommended to immediately update the firmware to the latest version and restrict access to the administrative panel to trusted IP addresses only.

Original NVD description (English source)

A path traversal vulnerability in the /admin/downloadMedias.cgi endpoint of VIVOTEK INC FD8136-VVTK firmware 0300a allows authenticated attackers to read any file on the device via sending a crafted request.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS