Skip to main content

Vivotek FD8136 CVE-2026-30652

| EUVDEUVD-2026-33968 HIGH
Classic Buffer Overflow (CWE-120)
2026-06-02 mitre GHSA-qp5w-cf66-hcww
8.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
8.8 HIGH
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

3
Analysis Generated
Jun 03, 2026 - 18:52 vuln.today
CVSS changed
Jun 03, 2026 - 18:52 NVD
8.8 (HIGH)
CVE Published
Jun 02, 2026 - 00:00 nvd
UNKNOWN (no severity yet)

DescriptionNVD

A remote buffer overflow vulnerability exists in the /cgi-bin/dido/setdo.cgi endpoint of the admin interface of Vivotek FD8136 cameras running firmware version FD8136-VVTK-0300a. This flaw allows an authenticated attacker to execute arbitrary code as root on the device.

AnalysisAI

Authenticated remote code execution in Vivotek FD8136 IP cameras running firmware FD8136-VVTK-0300a allows attackers with valid admin-interface credentials to overflow a buffer in the /cgi-bin/dido/setdo.cgi endpoint and execute arbitrary code as root. No public exploit identified at time of analysis, though a vulnerability research repository on GitHub describes the issue, and EPSS estimates exploitation probability at 0.05% (17th percentile), suggesting low broad-scale exploitation interest despite the high CVSS 8.8 score.

Technical ContextAI

The Vivotek FD8136 is a fixed-dome network surveillance camera whose web administration interface exposes CGI handlers under /cgi-bin/dido/ for controlling digital input/output (DIDO) signaling. The setdo.cgi handler processes attacker-supplied parameters without proper bounds checking, leading to a classic CWE-120 (Classic Buffer Overflow / Buffer Copy without Checking Size of Input) condition in the camera's embedded HTTP service. Because the camera firmware runs CGI processes as root - typical of low-cost embedded Linux IP cameras - corrupting the stack or adjacent memory in this handler grants full device control. The CPE entry from the source (cpe:2.3:a:n/a:n/a) is non-informative and does not pin the affected component beyond what the description states.

RemediationAI

No vendor-released patch identified at time of analysis - the only vendor reference is the generic http://vivotek.com homepage, so administrators should contact Vivotek support or monitor the FD8136 product page for a firmware release superseding FD8136-VVTK-0300a. In the interim, compensating controls include placing affected cameras on an isolated management VLAN reachable only from a hardened jump host (trade-off: breaks any direct NVR/VMS integrations that bypass the segment), blocking inbound access to /cgi-bin/dido/setdo.cgi at an upstream reverse proxy or firewall (trade-off: disables remote DIDO automation features), rotating admin credentials and removing any low-privilege accounts that are not strictly required (since PR:L is the gating prerequisite), and disabling the camera's web interface entirely if device configuration is managed via ONVIF or a separate VMS. Defenders should also review the public research repository at https://github.com/xchg-rax-rax/vulnerability-research/tree/main/CVE-2026-30652 for IOCs or detection signatures.

More in N A

View all
CVE-2026-31072 CRITICAL POC
9.8 May 19

Remote code execution in APScheduler (all versions through 3.10.x and 4.0.0a5) is achievable when applications deseriali

CVE-2026-36356 CRITICAL POC
9.1 May 05

Unauthenticated remote OS command injection in MeiG Smart FORGE_SLT711 cellular gateway firmware MDM9607.LE.1.0-00110-ST

CVE-2026-31071 CRITICAL POC
9.1 May 19

Unauthenticated API access in LalanaChami Pharmacy Management System (commit 5c3d028) allows remote attackers to dump al

CVE-2025-66391 HIGH POC
8.8 Jun 17

In Citrix Cloud through 2025-11-10, an account with read-only access can trigger the beginning of a workflow for write o

CVE-2026-26740 HIGH POC
8.2 Mar 18

Giflib 5.2.2 contains a buffer overflow in the EGifGCBToExtension function that fails to validate allocated memory when

CVE-2025-60464 HIGH POC
7.8 Jun 25

Denial of service in GPAC's MP4Box multimedia tool (versions before 26.02.0) arises from a use-after-free in the gf_sei_

CVE-2026-36355 HIGH POC
7.7 May 05

Arbitrary kernel memory read/write in Realtek rtl819x Jungle SDK Wi-Fi driver allows local unprivileged attackers to acc

CVE-2025-60474 HIGH POC
7.5 Jun 24

Denial of service in GPAC's MP4Box/libgpac media importer (versions before 26.02.0) lets an attacker crash the tool by s

CVE-2026-38639 HIGH POC
7.5 Jun 26

An issue in the parse_month function (/time/strptime.rs) of relibc commit ab6a2e allows attackers to cause a Denial of S

CVE-2026-38641 HIGH POC
7.5 Jun 26

Denial of service in relibc (the Redox OS C standard library) at commit 61f42d allows attackers to crash a process by ge

CVE-2026-38637 HIGH POC
7.5 Jun 25

An issue in the pthread_rwlockattr_setpshared() function of relibc commit 61f42d allows attackers to cause a Denial of S

CVE-2026-38640 HIGH POC
7.5 Jun 25

Denial of service in relibc (the Redox OS C standard library implementation, commit 61f42d) lets attackers crash a proce

Share

CVE-2026-30652 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy