PT-2026-2794 · Vivotek · Vivotek Devices

Larry Cashdollar · Published 2026-01-13 · Updated 2026-01-23 · CVE-2026-22755

CVSS v4.0: 9.3 Critical

Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:P/AU:Y/U:Amber

Name of the Vulnerable Software and Affected Versions

Vivotek devices versions 0100a through 012502

Description

The affected devices contain an Improper Neutralization of Special Elements used in a Command ('Command Injection') issue, which can allow OS command injection through the upload map.cgi component. The issue affects multiple Vivotek camera models, which could serve as pivot points for further network compromise. The vulnerability allows for remote code execution.

Recommendations

Update devices with firmware versions prior to: 0100a, 0106a, 0106b, 0107a, 0107b 1, 0109a, 0112a, 0113a, 0113d, 0117b, 0119e, 0120b, 0121, 0121d, 0121d 48573 1, 0122e, 0124d 48573 1, 012501, 012502.

Fix

RCE

Command Injection

Weakness Enumeration

Related Identifiers

CVE-2026-22755

Affected Products

Vivotek Devices