Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2025-66052

Опубликовано: 09 янв. 2026
Источник: nvd
CVSS3: 7.2
EPSS Низкий

Описание

Vivotek IP7137 camera with firmware version 0200a is vulnerable to command injection. Parameter "system_ntpIt" used by "/cgi-bin/admin/setparam.cgi" endpoint is not sanitized properly, allowing a user with administrative privileges to perform an attack. Due to CVE-2025-66050, administrative access is not protected by default,  The vendor has not replied to the CNA Possibly all firmware versions are affected. Since the product has met End-Of-Life phase, a fix is not expected to be released.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:vivotek:ip7137_firmware:0200a:*:*:*:*:*:*:*
cpe:2.3:h:vivotek:ip7137:-:*:*:*:*:*:*:*

EPSS

Процентиль: 50%
0.00267
Низкий

7.2 High

CVSS3

Дефекты

CWE-78

Связанные уязвимости

github логотип

GHSA-6hj7-3vmc-gm54

CVSS3: 7.2
github
26 дней назад

Vivotek IP7137 camera with firmware version 0200a is vulnerable to command injection. Parameter "system_ntpIt" used by "/cgi-bin/admin/setparam.cgi" endpoint is not sanitized properly, allowing a user with administrative privileges to perform an attack. Due to CVE-2025-66050, administrative access is not protected by default,  The vendor has not replied to the CNA Possibly all firmware versions are affected. Since the product has met End-Of-Life phase, a fix is not expected to be released.

fstec логотип

BDU:2026-00867

CVSS3: 7.2
fstec
27 дней назад

Уязвимость сценария /cgi-bin/admin/setparam.cgi микропрограммного обеспечения IP-камер Vivotek IP7137, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

EPSS

Процентиль: 50%
0.00267
Низкий

7.2 High

CVSS3

Дефекты

CWE-78