Ip7137 Firmware
CVE-2025-66050
CRITICAL
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
2DescriptionCVE.org
Vivotek IP7137 camera with firmware version 0200a by default dos not require to provide any password when logging in as an administrator. While it is possible to set up such a password, a user is not informed about such a need. The vendor has not replied to the CNA. Possibly all firmware versions are affected. Since the product has met End-Of-Life phase, a fix is not expected to be released.
AnalysisAI
Vivotek IP7137 camera ships without any admin password by default, and users are not informed they should set one. End-of-life product with no expected fix – all deployed cameras are likely exposed.
Technical ContextAI
The camera's admin interface has no password configured out of the box (CWE-1393). While a password can be set, the setup process does not prompt or require this. As an EOL product, no firmware updates will be released.
RemediationAI
Replace the camera. If replacement is not possible, set an admin password and restrict network access to the camera.
More in Ip7137 Firmware
View allVivotek IP7137 camera with firmware version 0200a is vulnerable to an information disclosure issue where live camera foo
Vivotek IP7137 camera with firmware version 0200a is vulnerable to command injection. Parameter "system_ntpIt" used by "
Vivotek IP7137 camera with firmware version 0200a is vulnerable to path traversal. It is possible for an authenticated a
Same weakness CWE-1393 – Use of Default Password
View allSame technique Denial Of Service
View allShare
External POC / Exploit Code
Leaving vuln.today