CVE-2025-66051
BaseFortify
Publication date: 2026-01-09
Last updated on: 2026-01-09
Assigner: CERT.PL
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| vivotek | ip7137 | From 0200a (exclusive) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-22 | The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory. |
AI Powered Q&A
Can you explain this vulnerability to me?
The vulnerability in the Vivotek IP7137 camera firmware version 0200a is a path traversal issue. This means an authenticated attacker can use a direct HTTP request to access files and resources outside the intended webroot directory. Additionally, due to a related vulnerability (CVE-2025-66050), the administration panel password is not set by default, increasing the risk of unauthorized access. The manufacturer has not provided a fix, and all firmware versions may be affected. [1]
How can this vulnerability impact me?
This vulnerability can allow an attacker with authentication to access sensitive files outside the webroot directory, potentially exposing confidential information or system files. Combined with the lack of a default password for the administration panel, it increases the risk of unauthorized control over the device. This can lead to privacy breaches, unauthorized surveillance, or further exploitation of the device. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by attempting to access resources outside the webroot directory on the Vivotek IP7137 camera using crafted HTTP requests that exploit path traversal. Since the attacker must be authenticated, checking for default or missing passwords on the administration panel is also relevant. Network scanning for an open RTSP port 8554 and attempting to access the live video stream without authentication can indicate related vulnerabilities. Specific commands might include using curl or wget to send HTTP requests with path traversal payloads, for example: curl -u admin:admin "http://<camera-ip>/../../etc/passwd" to test path traversal, or using nmap to scan for the open RTSP port: nmap -p 8554 <camera-ip>. However, exact commands are not provided in the resources. [1]
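As an added defensive example (not from the BaseFortify record or from Vivotek), the following Python flags requests in a web-server or proxy access log whose percent-decoded path resolves above the webroot, which is the request pattern this CWE-22 entry describes. The Common Log Format lines and the webroot handling are constructed assumptions, since the page does not give the camera's own log format.

```python
import re
import posixpath
from urllib.parse import unquote

# Constructed sample access-log lines (Common Log Format); not real camera logs.
SAMPLE_LOG = """\
10.0.0.5 - admin [09/Jan/2026:10:00:01 +0000] "GET /cgi-bin/viewer/video.jpg HTTP/1.1" 200 5120
10.0.0.9 - admin [09/Jan/2026:10:00:07 +0000] "GET /../../etc/passwd HTTP/1.1" 200 1843
10.0.0.9 - admin [09/Jan/2026:10:00:09 +0000] "GET /cgi-bin/%2e%2e/%2e%2e/etc/shadow HTTP/1.1" 200 912
10.0.0.9 - admin [09/Jan/2026:10:00:11 +0000] "GET /img/%252e%252e/%252e%252e/etc/passwd HTTP/1.1" 200 1843
10.0.0.7 - - [09/Jan/2026:10:00:15 +0000] "GET /setup/index.html HTTP/1.1" 401 0
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

def fully_decode(path, max_rounds=3):
    """Percent-decode until the string stops changing, so double encoding is undone."""
    for _ in range(max_rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path

def escapes_webroot(raw_path):
    """True if the decoded, normalised path climbs above the webroot.

    normpath keeps leading '..' on a relative path, so '/a/../../x' becomes
    '../x' and is flagged, while '/a/../b' becomes 'b' and is not.
    """
    decoded = fully_decode(raw_path.split("?", 1)[0]).replace("\\", "/")
    norm = posixpath.normpath(decoded.lstrip("/"))
    return norm == ".." or norm.startswith("../")

def find_traversal_attempts(log_text):
    """Return (ip, user, status, decoded_path) for each request escaping the webroot."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if m and escapes_webroot(m["path"]):
            hits.append((m["ip"], m["user"], int(m["status"]), fully_decode(m["path"])))
    return hits

if __name__ == "__main__":
    for ip, user, status, path in find_traversal_attempts(SAMPLE_LOG):
        print(f"{ip} user={user} status={status} path={path}")
```

A 200 status on a flagged line means the device appears to have served the file, which on an unpatched unit is the signal to act on; 4xx results still show someone probing.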
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include changing or setting a strong password for the administration panel to prevent unauthorized authenticated access, restricting network access to the camera to trusted users only, disabling RTSP streaming if not needed, and isolating the device from untrusted networks. Since the product is End-Of-Life and no patches are expected, these compensating controls are critical to reduce risk. [1]