Description
A Command Injection vulnerability exists in Vivotek PT7135 IP Cameras 0300a and 0400a via the system.ntp parameter to the farseer.out binary file, which cold let a malicious user execute arbitrary code.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Core Security · textwebappshardware
https://www.exploit-db.com/exploits/25139
References (5)
Core 5
Core References
Third Party Advisory, VDB Entry x_refsource_misc
http://www.securityfocus.com/bid/59575
Third Party Advisory, VDB Entry x_refsource_misc
https://exchange.xforce.ibmcloud.com/vulnerabilities/83946
Exploit, Third Party Advisory x_refsource_misc
https://www.coresecurity.com/advisories/vivotek-ip-cameras-multiple-vulnerabilities
Exploit, Third Party Advisory x_refsource_misc
https://github.com/offensive-security/exploitdb/blob/master/exploits/hardware/webapps/25139.txt
Third Party Advisory, VDB Entry x_refsource_misc
https://packetstormsecurity.com/files/cve/CVE-2013-1598
Scores
CVSS v3
8.8
EPSS
0.3113
EPSS Percentile
96.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-78
Status
published
Products (2)
vivotek/pt7135_firmware
0300a
vivotek/pt7135_firmware
0400a
Published
Jan 24, 2020
Tracked Since
Feb 18, 2026