Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from Vendor (mitre) · only source for this CVE.
CVSS VectorVendor: mitre
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
3DescriptionCVE.org
A post-authentication remote buffer overflow vulnerability exists in the /cgi-bin/admin/eventtask.cgi endpoint of the admin interface of Vivotek FD8136 cameras running firmware version FD8136-VVTK-0300a. This flaw allows an authenticated attacker to execute arbitrary code as root on the device remotely.
AnalysisAI
Remote code execution in Vivotek FD8136 IP cameras running firmware FD8136-VVTK-0300a allows authenticated attackers to gain root-level command execution by triggering a buffer overflow in the /cgi-bin/admin/eventtask.cgi admin endpoint. Publicly available exploit code exists in a GitHub research repository, though EPSS scoring (0.09%, 25th percentile) suggests low observed exploitation activity and the CVE is not listed in CISA KEV.
Technical ContextAI
The flaw is a classic CWE-120 buffer copy without checking input size, residing in a CGI binary (eventtask.cgi) that handles event-task configuration within the camera's web administration interface. Vivotek FD8136 is a fixed-dome network surveillance camera that exposes a Linux-based embedded web server; CGI binaries on such devices typically run as root, which directly explains the high-impact outcome. Because the vulnerable code path lives in the admin CGI handler, exploitation requires interacting with the authenticated admin web interface over HTTP(S), and the unbounded copy almost certainly corrupts the stack of the CGI process, enabling control-flow hijack on a platform that usually lacks modern mitigations (ASLR/NX/stack canaries) common in embedded firmware of this generation.
RemediationAI
No vendor-released patch identified at time of analysis - neither the NVD entry nor the EUVD record cites a fixed firmware version, and the only vendor reference is the generic Vivotek homepage. Operators should check Vivotek's product support pages for a firmware update superseding FD8136-VVTK-0300a and apply it once published. In the interim, restrict reachability of the admin interface by placing cameras on a segmented management VLAN, blocking inbound access to /cgi-bin/admin/* from untrusted networks via an upstream reverse proxy or firewall ACL, and enforcing strong, unique admin credentials (since the bug is post-authentication, credential hygiene materially raises the bar). Disabling remote admin access entirely and managing the camera only from a jump host is the most robust compensating control; the trade-off is loss of remote configuration convenience. Researchers have published technical details at https://github.com/xchg-rax-rax/vulnerability-research/tree/main/CVE-2026-30650, which defenders can use to build IDS/WAF signatures for oversized parameters to eventtask.cgi.
Remote code execution in APScheduler (all versions through 3.10.x and 4.0.0a5) is achievable when applications deseriali
Unauthenticated remote OS command injection in MeiG Smart FORGE_SLT711 cellular gateway firmware MDM9607.LE.1.0-00110-ST
Unauthenticated API access in LalanaChami Pharmacy Management System (commit 5c3d028) allows remote attackers to dump al
In Citrix Cloud through 2025-11-10, an account with read-only access can trigger the beginning of a workflow for write o
Giflib 5.2.2 contains a buffer overflow in the EGifGCBToExtension function that fails to validate allocated memory when
Denial of service in GPAC's MP4Box multimedia tool (versions before 26.02.0) arises from a use-after-free in the gf_sei_
Arbitrary kernel memory read/write in Realtek rtl819x Jungle SDK Wi-Fi driver allows local unprivileged attackers to acc
Denial of service in GPAC's MP4Box/libgpac media importer (versions before 26.02.0) lets an attacker crash the tool by s
An issue in the parse_month function (/time/strptime.rs) of relibc commit ab6a2e allows attackers to cause a Denial of S
Denial of service in relibc (the Redox OS C standard library) at commit 61f42d allows attackers to crash a process by ge
An issue in the pthread_rwlockattr_setpshared() function of relibc commit 61f42d allows attackers to cause a Denial of S
Denial of service in relibc (the Redox OS C standard library implementation, commit 61f42d) lets attackers crash a proce
Same weakness CWE-120 – Classic Buffer Overflow
View allSame technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-33967
GHSA-pxcx-h7gm-pxc9