Vulnerability Description
testserver.cgi of the web service on VIVOTEK Network Cameras before XXXXX-VVTK-2.2002.xx.01x (and before XXXXX-VVTK-0XXXX_Beta2) allows an authenticated user to obtain arbitrary files from a camera's local filesystem. For example, this affects IT9388-HT devices.
CVSS Score
6.5 (MEDIUM)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Vivotek | Cc9381-Hv Firmware | <= 0222g |
| Vivotek | Cc9381-Hv | - |
| Vivotek | Fd9360-H Firmware | <= 0222g |
| Vivotek | Fd9360-H | - |
| Vivotek | Fd9368-Htv Firmware | <= 0222g |
| Vivotek | Fd9368-Htv | - |
| Vivotek | Fd9380-H Firmware | <= 0222g |
| Vivotek | Fd9380-H | - |
| Vivotek | Fd9388-Htv Firmware | <= 0222g |
| Vivotek | Fd9388-Htv | - |
| Vivotek | Ib9360-H Firmware | <= 0222g |
| Vivotek | Ib9360-H | - |
| Vivotek | Ib9368-Ht Firmware | <= 0222g |
| Vivotek | Ib9368-Ht | - |
| Vivotek | Ib9380-H Firmware | <= 0222g |
| Vivotek | Ib9380-H | - |
| Vivotek | Ib9388-Ht Firmware | <= 0222g |
| Vivotek | Ib9388-Ht | - |
| Vivotek | It9360-H Firmware | <= 0222g |
| Vivotek | It9360-H | - |
References
- http://download.vivotek.com/downloadfile/support/cyber-security/vvtk-sa-2020-001 (Vendor Advisory)
FAQ
What is CVE-2020-11949?
CVE-2020-11949 is a vulnerability with a CVSS score of 6.5 (MEDIUM). testserver.cgi of the web service on VIVOTEK Network Cameras before XXXXX-VVTK-2.2002.xx.01x (and before XXXXX-VVTK-0XXXX_Beta2) allows an authenticated user to obtain arbitrary files from a camera's ...
How severe is CVE-2020-11949?
CVE-2020-11949 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2020-11949?
Check the references section above for vendor advisories and patch information. Affected products include: Vivotek Cc9381-Hv Firmware, Vivotek Cc9381-Hv, Vivotek Fd9360-H Firmware, Vivotek Fd9360-H, Vivotek Fd9368-Htv Firmware.