A Buffer Overflow vulnerability exists in Vivotek PT7135 IP Camera 0300a and 0400a via a specially crafted packet in the Authorization header field sent to the RTSP service, which could let a remote malicious user execute arbitrary code or cause a Denial of Service.

An Information Disclosure vulnerability exists via a GET request in Vivotek PT7135 IP Camera 0300a and 0400a due to wireless keys and 3rd party credentials stored in clear text.

Multiple Vivotek IP Cameras remote authentication bypass that could allow access to the video stream

VIVOTEK IP Camera devices with firmware before 0x20x allow a denial of service via a crafted HTTP header.

An authentication bypass vulnerability in VIVOTEK IPCam versions prior to 0x13a was found.

VIVOTEK IP Camera devices with firmware before 0x20x have a stack-based buffer overflow via a crafted HTTP header.

Vivotek FD8136 devices allow Remote Command Injection, aka "another command injection vulnerability in our target device," a different issue than CVE-2018-14494. NOTE: The vendor has disputed this as a vulnerability and states that the issue does not cause a web server crash or have any other affect on it's performance

Vivotek FD8136 devices allow remote memory corruption and remote code execution because of a stack-based buffer overflow, related to sprintf, vlocal_buff_4326, and set_getparam.cgi. NOTE: The vendor has disputed this as a vulnerability and states that the issue does not cause a web server crash or have any other affect on it's performance

Vivotek FD8136 devices allow Remote Command Injection, related to BusyBox and wget. NOTE: the vendor sent a clarification on 2019-09-17 explaining that, although this CVE was first populated in July 2019, it is a historical vulnerability that does not apply to any current or recent Vivotek hardware or firmware

Cross-site scripting in event_script.js in VIVOTEK Network Camera Series products with firmware 0x06x to 0x08x allows remote attackers to execute arbitrary JavaScript via a URL query string parameter.