CVE-2025-66050

Critical CVSS: 9.3

Vivotek IP7137 camera with firmware version 0200a by default dos not require to provide any password when logging in as an administrator. While it is possible to set up such a password, a user is not informed about such a need.
The vendor has not replied to the CNA. Possibly all firmware versions are affected. Since the product has met End-Of-Life phase, a fix is not expected to be released.

Vendor

Vivotek

Product

Ip7137 Firmware

CWE

CWE-1393

Yayın Tarihi

2026-01-09 12:15:53

Güncelleme

2026-01-14 17:48:29

Source Identifier

cvd@cert.pl

KEV Date Added

Kategoriler

CWE-1393 Ip7137 Firmware CRITICAL Vivotek 2026

Referanslar

https://cert.pl/posts/2026/01/CVE-2025-66049

Benzer Kayıtlar

High

CVE-2025-66049

Vivotek IP7137 camera with firmware version 0200a is vulnerable to an information disclosure issue where live camera foo…

Medium

CVE-2025-66051

Vivotek IP7137 camera with firmware version 0200a is vulnerable to path traversal. It is possible for an authenticated a…

High

CVE-2025-66052

Vivotek IP7137 camera with firmware version 0200a is vulnerable to command injection. Parameter "system_ntpIt" used by "…