CVE-2020-11950

high-risk

Published 2020-05-28

VIVOTEK Network Cameras before XXXXX-VVTK-2.2002.xx.01x (and before XXXXX-VVTK-0XXXX_Beta2) allows an authenticated user to upload and execute a script (with resultant execution of OS commands). For example, this affects IT9388-HT devices.

Do I need to act?

~

1.5% chance of exploitation in next 30 days

EPSS score — moderate exploit probability

-

Not on CISA KEV list

No confirmed active exploitation reported to CISA

?

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

8

CVSS 8.8/10 High

NETWORK / LOW complexity

Affected Products (20)

Cc9381-Hv Firmware

Fd9360-H Firmware

Fd9368-Htv Firmware

Fd9380-H Firmware

Fd9388-Htv Firmware

Ib9360-H Firmware

Ib9368-Ht Firmware

Ib9380-H Firmware

Ib9388-Ht Firmware

It9360-H Firmware

It9380-H Firmware

It9388-Ht Firmware

Md9560-Dh Firmware

Md9560-H Firmware

Fd9366-Hv Firmware

Fd9166-Hn Firmware

Fe9380-Hv Firmware

Cc8160 Firmware

Cc8160\(Hs\) Firmware

Cc8370-Hv Firmware

Affected Vendors

Vivotek

References (2)

Vendor Advisory http://download.vivotek.com/downloadfile/support/cyber-security/vvtk-sa-2020-001...

Vendor Advisory http://download.vivotek.com/downloadfile/support/cyber-security/vvtk-sa-2020-001...

67

/ 100

high-risk

Severity 30/34 · Critical

Exploitability 4/34 · Minimal

Exposure 33/34 · Critical