CVE-2026-30650
Received - Intake
Remote Code Execution in Vivotek FD8136 Cameras

Publication date: 2026-06-02

Last updated on: 2026-06-02

Assigner: MITRE

Description
A post-authentication remote buffer overflow vulnerability exists in the /cgi-bin/admin/eventtask.cgi endpoint of the admin interface of Vivotek FD8136 cameras running firmware version FD8136-VVTK-0300a. This flaw allows an authenticated attacker to execute arbitrary code as root on the device remotely.
Meta Information
Published: 2026-06-02
Last Modified: 2026-06-02
Generated: 2026-06-02
AI Q&A: 2026-06-02
EPSS Evaluated: N/A
Affected Vendors & Products
Showing 1 associated CPE
Vendor   Product  Version / Range
vivotek  fd8136   fd8136-vvtk-0300a
CWE ID Description
CWE-UNKNOWN
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2026-30650 is a post-authentication remote buffer overflow vulnerability found in the /cgi-bin/admin/eventtask.cgi endpoint of Vivotek FD8136 cameras running firmware version FD8136-VVTK-0300a.

This vulnerability occurs because the eventtask.cgi binary reads the raw POST request body directly into a fixed-size 0x88-byte stack buffer without validating the input length.

An authenticated attacker can send a specially crafted payload longer than 0x88 bytes, causing a stack buffer overflow that overwrites the saved link register.

This overflow allows the attacker to execute arbitrary code with root privileges on the device remotely.

The binary lacks stack canaries or other memory protections, making exploitation relatively straightforward.
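
The missing length check described above, next to a bounded replacement. This is an added example, not the firmware's or Vivotek's code. It assumes a CGI program that takes the body length from the CONTENT_LENGTH environment variable and reads the body from stdin; the names BODY_BUF, checked_body_len and read_body are hypothetical.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

#define BODY_BUF 0x88  /* buffer size stated in the text above */

/* Pattern the text describes, in one common form (assumed, not the firmware's
 * code): the client-supplied length is used without a bound check:
 *     char buf[BODY_BUF]; fread(buf, 1, atoi(getenv("CONTENT_LENGTH")), stdin);
 */

/* Validate a CONTENT_LENGTH string against the buffer capacity (one byte is
 * kept for a NUL). Returns 0 and sets *out, or -1 if missing/malformed/large. */
int checked_body_len(const char *cl, size_t cap, size_t *out)
{
    char *end;
    unsigned long n;
    if (cl == NULL || *cl < '0' || *cl > '9')   /* rejects "", "-1", " 5" */
        return -1;
    errno = 0;
    n = strtoul(cl, &end, 10);
    if (errno != 0 || *end != '\0' || cap == 0 || n > cap - 1)
        return -1;
    *out = (size_t)n;
    return 0;
}

/* Hardened read: refuse an oversize body before touching the buffer and never
 * read more than the validated length. Returns bytes read, or -1 on error. */
long read_body(FILE *in, const char *cl, char *buf, size_t cap)
{
    size_t want, got;
    if (checked_body_len(cl, cap, &want) != 0)
        return -1;
    got = fread(buf, 1, want, in);
    if (got != want)            /* short body: treat as a bad request */
        return -1;
    buf[got] = '\0';
    return (long)got;
}

int main(void)
{
    char buf[BODY_BUF];
    long n = read_body(stdin, getenv("CONTENT_LENGTH"), buf, sizeof buf);
    if (n < 0) { fputs("Status: 400 Bad Request\r\n\r\n", stdout); return 1; }
    printf("Status: 200 OK\r\n\r\nread %ld bytes\n", n);
    return 0;
}
```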


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

The provided information does not specify how the CVE-2026-30650 vulnerability impacts compliance with common standards and regulations such as GDPR or HIPAA.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by identifying if the Vivotek FD8136 camera is running the vulnerable firmware version FD8136-VVTK-0300a and if the /cgi-bin/admin/eventtask.cgi endpoint is accessible and requires authentication.

Detection may involve sending authenticated POST requests to the /cgi-bin/admin/eventtask.cgi endpoint with payloads exceeding 0x88 bytes to test for buffer overflow behavior, but this requires careful handling to avoid crashing the device.

Specific commands are not provided in the available resources, but network scanning tools can be used to identify devices running the vulnerable firmware and endpoints.


What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation steps are not explicitly detailed in the provided resources.

General best practices include restricting access to the admin interface, especially the /cgi-bin/admin/eventtask.cgi endpoint, ensuring only trusted authenticated users can access it.

Monitoring for unusual activity on the device and applying any available firmware updates or patches from Vivotek once released would also be advisable.


How can this vulnerability impact me?

This vulnerability allows an authenticated attacker to remotely execute arbitrary code as root on the affected Vivotek FD8136 camera.

As a result, the attacker could take full control of the device, potentially leading to unauthorized access, manipulation, or disruption of the camera's functions.

Such control could be used to spy on surveillance feeds, disable security monitoring, or use the device as a foothold to attack other parts of the network.

