Log in
Global - English
Understand Your Cyber Risks
- Define and apply a strong password policy and immediately change all default passwords.
- Regularly update to the latest firmware to address known bugs and security vulnerabilities.
- Implement the VIVOTEK Security Hardening Guide according to your environment (basic, advanced, or enterprise) to strengthen overall protection.
- Review and act on our Security Advisories to understand and mitigate the risks of known vulnerabilities in a timely manner.
To effectively protect your network and devices, it is important to recognize that security ultimately depends on your own risk assessments, configuration decisions, and ongoing maintenance. We strongly recommend that all users:
By continuously evaluating your own risk exposure and applying these measures, you can significantly reduce the likelihood and impact of cyberattacks on your network and devices.
Contact Information
Please contact us at VIVOTEK Support Center to report a vulnerability or other security concern.
Security Advisory
Latest Update: 2025/12/12
Advisory ID
|
Advisory | CVE ID | Status | Last Updated |
|---|---|---|---|---|
| VVTK-SA-2022-01 | None of VIVOTEK Product is Affected by Linux Kernel Privilege Escalation Vulnerability | CVE-2022-0847 | Confirmed | March 09, 2022 |
| VVTK-SA-2021-01 | No VIVOTEK Products are Affected by Apache Log4j Vulnerability | CVE-2021-44228 | Confirmed | December 16, 2021 |
| VVTK-SA-2020-001 | Allow Remote Command Execution via Uploaded Customized Script CVE-2020-11950 - #1 Remote Command Execution CVE-2020-11949 - #2 Arbitrary File Download |
CVE-2020-11950, CVE-2020-11949 | Fixed | May 26 2020 |
| VVTK-SA-2019-004 | Command Injection Vulnerability via CGI | CVE-2019-19936 | Fixed | Jan 13 2020 |
| VVTK-SA-2019-003 | Multiple Linux Kernel DoS Vulnerabilities | CVE-2019-11477, CVE-2019-11478, CVE-2019-11479 | Partial Fixed | Sep 6 2019 |
| VVTK-SA-2019-002 | Remote DoS and Stack Overflow of Web Server | CVE-2019-14457, CVE-2019-14458 | Fixed | Sep 10 2019 |
| VVTK-SA-2019-001 | Authentication Bypass | CVE-2019-10256 | Fixed | July 24 2019 |
| VVTK-SA-2018-006 | Multiple XSS Vulnerabilities and Hidden Service Notification | CVE-2018-18244, CVE-2018-18005, CVE-2018-18004 | Fixed | Dec 28 2018 |
| VVTK-SA-2018-005 | Linux Kernel DoS Vulnerability | CVE-2018-5391 | Fixed | Sep 4 2019 |
| VVTK-SA-2018-004 | Cross-Site Request Forgery (CSRF) | CVE-2018-14769 | Fixed | Aug 24 2018 |
| VVTK-SA-2018-003 | Multiple Command Injection Vulnerabilities | CVE-2018-14768, CVE-2018-14771, CVE-2018-14770 | Fixed | Aug 24 2018 |
| VVTK-SA-2018-002 | KRACK - WPA2 Key Reinstallation Attacks | CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2107-13081, CVE-2017-13082, CVE-2017-13084, CVE-2017-13086, CVE-2017-13087, CVE-2017-13088 | Fixed | Aug 24 2018 |
| VVTK-SA-2018-001 | CVE-2017-5715, CVE-2017-5753, CVE-2017-5754 | Confirmed | Jan 10 2018 | |
| VVTK-SA-20171001-01 | Remote Stack Overflow of Web Server | - | Fixed | Nov 14 2017 |
| VVTK-SA-20170621-01 | CVE-2017-9765 - gSOAP | CVE-2017-9765 | Fixed | Aug 17 2017 |
| VVTK-SA-20170623-02 | CVE-2017-9829 - Arbitrary File Download | CVE-2017-9829 | Fixed | Nov 10 2017 |
| VVTK-SA-20170623-01 | CVE-2017-9828 - Shell Command Injection | CVE-2017-9828 | Fixed | Nov 10 2017 |
| - | Cybersecurity Announcement Jul 7 2017 | Fixed | Jul 7 2017 | |
| - | Cybersecurity Announcement Nov 4 2016 | Confirmed | Nov 4 2016 |
