QwikSec

Security Database

CVE

CWE

Training

CVE-2018-18004

Published: Jan 3, 2019

Modified: Aug 5, 2024

PUBLISHED

Description

Incorrect Access Control in mod_inetd.cgi in VIVOTEK Network Camera Series products with firmware before XXXXXX-VVTK-0X09a allows remote attackers to enable arbitrary system services via a URL parameter.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://blog.securityevaluators.com/vivotek-ip-camera-vulnerabilities-discovered-and-exploited-2e2531ecd244

x_refsource_MISC

http://download.vivotek.com/downloadfile/support/cyber-security/vvtk-sa-2018-006-v1.pdf

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.