Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
3DescriptionNVD
A remote buffer overflow vulnerability exists in the /cgi-bin/dido/setdo.cgi endpoint of the admin interface of Vivotek FD8136 cameras running firmware version FD8136-VVTK-0300a. This flaw allows an authenticated attacker to execute arbitrary code as root on the device.
AnalysisAI
Authenticated remote code execution in Vivotek FD8136 IP cameras running firmware FD8136-VVTK-0300a allows attackers with valid admin-interface credentials to overflow a buffer in the /cgi-bin/dido/setdo.cgi endpoint and execute arbitrary code as root. No public exploit identified at time of analysis, though a vulnerability research repository on GitHub describes the issue, and EPSS estimates exploitation probability at 0.05% (17th percentile), suggesting low broad-scale exploitation interest despite the high CVSS 8.8 score.
Technical ContextAI
The Vivotek FD8136 is a fixed-dome network surveillance camera whose web administration interface exposes CGI handlers under /cgi-bin/dido/ for controlling digital input/output (DIDO) signaling. The setdo.cgi handler processes attacker-supplied parameters without proper bounds checking, leading to a classic CWE-120 (Classic Buffer Overflow / Buffer Copy without Checking Size of Input) condition in the camera's embedded HTTP service. Because the camera firmware runs CGI processes as root - typical of low-cost embedded Linux IP cameras - corrupting the stack or adjacent memory in this handler grants full device control. The CPE entry from the source (cpe:2.3:a:n/a:n/a) is non-informative and does not pin the affected component beyond what the description states.
RemediationAI
No vendor-released patch identified at time of analysis - the only vendor reference is the generic http://vivotek.com homepage, so administrators should contact Vivotek support or monitor the FD8136 product page for a firmware release superseding FD8136-VVTK-0300a. In the interim, compensating controls include placing affected cameras on an isolated management VLAN reachable only from a hardened jump host (trade-off: breaks any direct NVR/VMS integrations that bypass the segment), blocking inbound access to /cgi-bin/dido/setdo.cgi at an upstream reverse proxy or firewall (trade-off: disables remote DIDO automation features), rotating admin credentials and removing any low-privilege accounts that are not strictly required (since PR:L is the gating prerequisite), and disabling the camera's web interface entirely if device configuration is managed via ONVIF or a separate VMS. Defenders should also review the public research repository at https://github.com/xchg-rax-rax/vulnerability-research/tree/main/CVE-2026-30652 for IOCs or detection signatures.
Remote code execution in APScheduler (all versions through 3.10.x and 4.0.0a5) is achievable when applications deseriali
Unauthenticated remote OS command injection in MeiG Smart FORGE_SLT711 cellular gateway firmware MDM9607.LE.1.0-00110-ST
Unauthenticated API access in LalanaChami Pharmacy Management System (commit 5c3d028) allows remote attackers to dump al
In Citrix Cloud through 2025-11-10, an account with read-only access can trigger the beginning of a workflow for write o
Giflib 5.2.2 contains a buffer overflow in the EGifGCBToExtension function that fails to validate allocated memory when
Denial of service in GPAC's MP4Box multimedia tool (versions before 26.02.0) arises from a use-after-free in the gf_sei_
Arbitrary kernel memory read/write in Realtek rtl819x Jungle SDK Wi-Fi driver allows local unprivileged attackers to acc
Denial of service in GPAC's MP4Box/libgpac media importer (versions before 26.02.0) lets an attacker crash the tool by s
An issue in the parse_month function (/time/strptime.rs) of relibc commit ab6a2e allows attackers to cause a Denial of S
Denial of service in relibc (the Redox OS C standard library) at commit 61f42d allows attackers to crash a process by ge
An issue in the pthread_rwlockattr_setpshared() function of relibc commit 61f42d allows attackers to cause a Denial of S
Denial of service in relibc (the Redox OS C standard library implementation, commit 61f42d) lets attackers crash a proce
Same weakness CWE-120 – Classic Buffer Overflow
View allSame technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-33968
GHSA-qp5w-cf66-hcww