CVE-2026-30650
Remote Code Execution in Vivotek FD8136 Cameras

Publication date: 2026-06-02

Last updated on: 2026-06-03

Assigner: MITRE

Description
A post-authentication remote buffer overflow vulnerability exists in the /cgi-bin/admin/eventtask.cgi endpoint of the admin interface of Vivotek FD8136 cameras running firmware version FD8136-VVTK-0300a. This flaw allows an authenticated attacker to execute arbitrary code as root on the device remotely.
Meta Information
Published: 2026-06-02
Last Modified: 2026-06-03
Generated: 2026-06-23
AI Q&A: 2026-06-02
EPSS Evaluated: 2026-06-21
Sources: NVD, EUVD
Affected Vendors & Products
Vendor: vivotek
Product: fd8136_firmware
Version / Range: 0300a
CWE
CWE-120: The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer.
Detection Guidance

This vulnerability can be identified by checking whether a Vivotek FD8136 camera is running the vulnerable firmware version FD8136-VVTK-0300a and whether its /cgi-bin/admin/eventtask.cgi endpoint is reachable and protected only by authentication.

Active testing would involve sending authenticated POST requests to /cgi-bin/admin/eventtask.cgi with bodies longer than 0x88 bytes and observing the device's response, but because the overflow corrupts the stack such a test can crash the camera and must be handled carefully.

The available resources provide no specific commands, but network scanning tools can inventory devices that run the vulnerable firmware and expose the endpoint.
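As an added example (not from the advisory or from Vivotek), the passive side of the detection above expressed as log logic: flag POST requests to /cgi-bin/admin/eventtask.cgi whose Content-Length exceeds the 0x88-byte stack buffer. It assumes a reverse proxy in front of the camera that logs the request Content-Length in the space-separated format shown; the log lines are constructed sample data.

```python
import re
from typing import Dict, List

# Endpoint and buffer size as stated in the advisory text.
VULNERABLE_ENDPOINT = "/cgi-bin/admin/eventtask.cgi"
STACK_BUFFER_SIZE = 0x88  # 136 bytes; a body longer than this overruns the buffer

# Assumed log format (one request per line):
#   <client ip> <auth user or -> <method> <path> <request Content-Length or -> <status>
# e.g. an nginx log_format built from $remote_addr $remote_user $request_method
# $uri $content_length $status. The lines in SAMPLE_LOG are constructed.
LOG_LINE = re.compile(
    r"^(?P<ip>\S+) (?P<user>\S+) (?P<method>[A-Z]+) (?P<path>\S+) "
    r"(?P<length>\d+|-) (?P<status>\d{3})$"
)

SAMPLE_LOG = """\
10.0.0.5 admin GET /cgi-bin/admin/eventtask.cgi - 200
10.0.0.5 admin POST /cgi-bin/admin/eventtask.cgi 96 200
10.0.0.9 admin POST /cgi-bin/admin/eventtask.cgi 136 200
10.0.0.9 admin POST /cgi-bin/admin/eventtask.cgi 512 200
10.0.0.7 - POST /cgi-bin/admin/eventtask.cgi 512 401
10.0.0.7 admin POST /cgi-bin/admin/getparam.cgi 512 200
"""


def flag_oversized_posts(log_text: str) -> List[Dict[str, object]]:
    """Return one alert per POST to the vulnerable CGI whose body exceeds 0x88 bytes."""
    alerts: List[Dict[str, object]] = []
    for line in log_text.splitlines():
        m = LOG_LINE.match(line)
        if not m:
            continue  # malformed line: skip it rather than abort the whole scan
        if m["method"] != "POST" or m["path"] != VULNERABLE_ENDPOINT:
            continue
        if m["length"] == "-":
            continue  # no Content-Length recorded, so body size cannot be judged
        length = int(m["length"])
        if length <= STACK_BUFFER_SIZE:
            continue  # fits in the buffer; the advisory requires a body longer than 0x88
        alerts.append({
            "src": m["ip"],
            "length": length,
            "status": m["status"],
            # An unauthenticated attempt (user "-", typically a 401) never reached the
            # CGI, but it is still a probe worth recording at lower priority.
            "authenticated": m["user"] != "-",
        })
    return alerts


if __name__ == "__main__":
    for alert in flag_oversized_posts(SAMPLE_LOG):
        print(alert)
```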

Mitigation Strategies

Immediate mitigation steps are not explicitly detailed in the provided resources.

General best practices include restricting access to the admin interface, and in particular to the /cgi-bin/admin/eventtask.cgi endpoint, so that only trusted, authenticated users can reach it.

Monitoring the device for unusual activity and applying any firmware update or patch Vivotek releases are also advisable.

Executive Summary

CVE-2026-30650 is a post-authentication remote buffer overflow vulnerability found in the /cgi-bin/admin/eventtask.cgi endpoint of Vivotek FD8136 cameras running firmware version FD8136-VVTK-0300a.

This vulnerability occurs because the eventtask.cgi binary reads the raw POST request body directly into a fixed-size 0x88-byte stack buffer without validating the input length.

An authenticated attacker can send a specially crafted payload longer than 0x88 bytes, causing a stack buffer overflow that overwrites the saved link register.

This overflow allows the attacker to execute arbitrary code with root privileges on the device remotely.

The binary lacks stack canaries or other memory protections, making exploitation relatively straightforward.

Impact Analysis

This vulnerability allows an authenticated attacker to remotely execute arbitrary code as root on the affected Vivotek FD8136 camera.

As a result, the attacker could take full control of the device, potentially leading to unauthorized access, manipulation, or disruption of the camera's functions.

Such control could be used to spy on surveillance feeds, disable security monitoring, or use the device as a foothold to attack other parts of the network.

Compliance Impact

The provided information does not specify how the CVE-2026-30650 vulnerability impacts compliance with common standards and regulations such as GDPR or HIPAA.
