PT-2026-1853 · Vivotek · Ip7137

Szymon Paszun

Published

2026-01-09

Updated

2026-01-09

CVE-2025-66049

CVSS v2.0

High

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Vivotek IP7137 camera versions prior to 0200a

Description The Vivotek IP7137 camera is affected by an information disclosure issue. Live camera footage can be accessed through the Real Time Streaming Protocol (RTSP) on port 8554 without authentication. This allows unauthorized network users to view the camera feed, potentially compromising privacy and security. The vendor has not responded to reports of this issue, and as the product is in its End-Of-Life phase, a fix is not expected.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Missing Authentication

OS Command Injection

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-306CWE-78CWE-1393CWE-22

Related Identifiers

BDU:2026-00867

BDU:2026-00868

BDU:2026-00869

BDU:2026-00870

CVE-2025-66049

Affected Products

Ip7137

PT-2026-1853 · Vivotek · Ip7137

CVE-2025-66049

Weakness Enumeration

Related Identifiers

Affected Products

References · 9