CVE-2026-22755
Unknown Unknown - Not Provided
Command Injection in Vivotek Firmware Affects Multiple Models

Publication date: 2026-01-13

Last updated on: 2026-01-13

Assigner: Larry Cashdollar

Description
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Vivotek Affected device model numbers are FD8365, FD8365v2, FD9165, FD9171, FD9187, FD9189, FD9365, FD9371, FD9381, FD9387, FD9389, FD9391,FE9180,FE9181, FE9191, FE9381, FE9382, FE9391, FE9582, IB9365, IB93587LPR, IB9371,IB9381, IB9387, IB9389, IB939,IP9165,IP9171, IP9172, IP9181, IP9191, IT9389, MA9321, MA9322, MS9321, MS9390, TB9330 (Firmware modules) allows OS Command Injection.This issue affects Affected device model numbers are FD8365, FD8365v2, FD9165, FD9171, FD9187, FD9189, FD9365, FD9371, FD9381, FD9387, FD9389, FD9391,FE9180,FE9181, FE9191, FE9381, FE9382, FE9391, FE9582, IB9365, IB93587LPR, IB9371,IB9381, IB9387, IB9389, IB939,IP9165,IP9171, IP9172, IP9181, IP9191, IT9389, MA9321, MA9322, MS9321, MS9390, TB9330: 0100a, 0106a, 0106b, 0107a, 0107b_1, 0109a, 0112a, 0113a, 0113d, 0117b, 0119e, 0120b, 0121, 0121d, 0121d_48573_1, 0122e, 0124d_48573_1, 012501, 012502, 0125c.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-13
Last Modified
2026-01-13
Generated
2026-06-16
AI Q&A
2026-01-14
EPSS Evaluated
2026-06-15
NVD
CVE-2026-22755
Affected Vendors & Products
Showing 37 associated CPEs
Vendor Product Version / Range
vivotek fd8365 *
vivotek fd8365v2 *
vivotek fd9165 *
vivotek fd9171 *
vivotek fd9187 *
vivotek fd9189 *
vivotek fd9365 *
vivotek fd9371 *
vivotek fd9381 *
vivotek fd9387 *
vivotek fd9389 *
vivotek fd9391 *
vivotek fe9180 *
vivotek fe9181 *
vivotek fe9191 *
vivotek fe9381 *
vivotek fe9382 *
vivotek fe9391 *
vivotek fe9582 *
vivotek ib9365 *
vivotek ib93587lpr *
vivotek ib9371 *
vivotek ib9381 *
vivotek ib9387 *
vivotek ib9389 *
vivotek ib939 *
vivotek ip9165 *
vivotek ip9171 *
vivotek ip9172 *
vivotek ip9181 *
vivotek ip9191 *
vivotek it9389 *
vivotek ma9321 *
vivotek ma9322 *
vivotek ms9321 *
vivotek ms9390 *
vivotek tb9330 *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-77 The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is a Command Injection issue in certain Vivotek device models. It occurs because the device firmware improperly neutralizes special elements used in commands, allowing an attacker to inject and execute arbitrary operating system commands on the affected device.

Impact Analysis

An attacker exploiting this vulnerability could execute arbitrary OS commands on the affected device, potentially leading to unauthorized control, data theft, disruption of device functionality, or further network compromise.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-22755. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart