Lewis Patten

**Name of the Vulnerable Software and Affected Versions** VIVOTEK INC FD8136-VVTK-0300a (affected versions not specified) **Description** A buffer overflow allows a remote attacker to execute arbitrary code via the 'set getparam.cgi' component. A buffer overflow occurs when a program writes more data to a block of memory, or buffer, than it is allocated to hold, potentially overwriting adjacent memory locations. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Vivotek FD8136 version FD8136-VVTK-0300a **Description** A remote buffer overflow occurs in the admin interface. An authenticated attacker can exploit this to execute arbitrary code with root privileges on the device via the '/cgi-bin/dido/setdo.cgi' endpoint. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

A path traversal vulnerability in the /admin/downloadMedias.cgi endpoint of VIVOTEK INC FD8136-VVTK firmware 0300a allows authenticated attackers to read any file on the device via sending a crafted request.