CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:S/C:P/I:N/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
AI Score
Confidence
High
EPSS
Percentile
28.4%
testserver.cgi of the web service on VIVOTEK Network Cameras before XXXXX-VVTK-2.2002.xx.01x (and before XXXXX-VVTK-0XXXX_Beta2) allows an authenticated user to obtain arbitrary files from a camera’s local filesystem. For example, this affects IT9388-HT devices.
Vendor | Product | Version | CPE |
---|---|---|---|
vivotek | cc9381-hv_firmware | * | cpe:2.3:o:vivotek:cc9381-hv_firmware:*:*:*:*:*:*:*:* |
vivotek | cc9381-hv | - | cpe:2.3:h:vivotek:cc9381-hv:-:*:*:*:*:*:*:* |
vivotek | fd9360-h_firmware | * | cpe:2.3:o:vivotek:fd9360-h_firmware:*:*:*:*:*:*:*:* |
vivotek | fd9360-h | - | cpe:2.3:h:vivotek:fd9360-h:-:*:*:*:*:*:*:* |
vivotek | fd9368-htv_firmware | * | cpe:2.3:o:vivotek:fd9368-htv_firmware:*:*:*:*:*:*:*:* |
vivotek | fd9368-htv | - | cpe:2.3:h:vivotek:fd9368-htv:-:*:*:*:*:*:*:* |
vivotek | fd9380-h_firmware | * | cpe:2.3:o:vivotek:fd9380-h_firmware:*:*:*:*:*:*:*:* |
vivotek | fd9380-h | - | cpe:2.3:h:vivotek:fd9380-h:-:*:*:*:*:*:*:* |
vivotek | fd9388-htv_firmware | * | cpe:2.3:o:vivotek:fd9388-htv_firmware:*:*:*:*:*:*:*:* |
vivotek | fd9388-htv | - | cpe:2.3:h:vivotek:fd9388-htv:-:*:*:*:*:*:*:* |
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:S/C:P/I:N/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
AI Score
Confidence
High
EPSS
Percentile
28.4%