CVE-2020-11950
HIGHVIVOTEK Network Cameras < 0222g - Authenticated OS Command Injection via Script Upload
Title source: llmDescription
VIVOTEK Network Cameras before XXXXX-VVTK-2.2002.xx.01x (and before XXXXX-VVTK-0XXXX_Beta2) allows an authenticated user to upload and execute a script (with resultant execution of OS commands). For example, this affects IT9388-HT devices.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_confirm
http://download.vivotek.com/downloadfile/support/cyber-security/vvtk-sa-2020-001-v1.pdf
Scores
CVSS v3
8.8
EPSS
0.0268
EPSS Percentile
84.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-78
Status
published
Products (50)
vivotek/cc8160\(hs\)_firmware
< 0222g
vivotek/cc8160_firmware
< 0222g
vivotek/cc8370-hv_firmware
< 0222g
vivotek/cc8371-hv_firmware
< 0222g
vivotek/cc9381-hv_firmware
< 0222g
vivotek/cd8371-hntv_firmware
< 0222g
vivotek/cd8371-hnvf2_firmware
< 0222g
vivotek/fd8166a-n_firmware
< 0222g
vivotek/fd8166a_firmware
< 0222g
vivotek/fd8167a-s_firmware
< 0222g
... and 40 more
Published
May 28, 2020
Tracked Since
Feb 18, 2026