CVE-2026-35717

Name of the Vulnerable Software and Affected Versions VIVOTEK FD8136 firmware FD8136-VVTK-0300a

Description A stack-based buffer overflow exists in the export language.cgi binary. Authenticated remote attackers can execute arbitrary code with root privileges by sending a crafted POST request to the '/cgi-bin/admin/export language.cgi' endpoint. The issue occurs because the handler passes the attacker-controlled Content-Length value directly to the fread() function as the read size into a fixed-size 0x60-byte stack buffer, which allows the saved link register to be overwritten. The binary lacks stack canaries, which are security mechanisms used to detect stack buffer overflows before execution of malicious code.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.