Cybersecurity

Overview

Cyberattacks are a part of the current atmosphere of network computing devices. Due to this reality, VIVOTEK pushes forth with industry best practices in order to reduce security vulnerabilities in our products.

VIVOTEK cybersecurity assurance efforts are built into the lifecycle of its products, including development, verification, manufacturing, delivery and service. We are constantly evaluating and enhancing our cybersecurity efforts in order to provide our valued customers with the highest quality and most reliable products. Although VIVOTEK cannot protect standardized network protocols and services from cyberattacks, we are committed to helping minimize and stopping such events from occurring on VIVOTEK products.

Collaborating in Cyber Protection

Cybersecurity

Cybersecurity Management

Cybersecurity

Alliance with Trend Micro

Cybersecurity

Understand Cyber Risks

In collaboration with industry-leading cybersecurity software partners, VIVOTEK focuses on making network security products and software that meet industry protocols as well as constantly developing shields to increase your protection from various cyberattacks. By choosing VIVOTEK solutions, users can experience not only high-quality products, but also safer network environments.

Cybersecurity Management

VIVOTEK follows the best industry practices in building our security solutions, from product design and firmware development to 3rd party testing and reviews:

  • Follows the Open Web Application Security Project (OWASP) Top 10 Guideline for IoT device, mobile, and website codes.
  • Performs internal product security code reviews.
  • Applies static code analysis to make sure software reliability and code quality.
  • Conducts penetration testing by Devcore, a 3rd party security advisor for review and recommendation.
  • Provides the Vulnerability Policy, Hardening Guide, and Security Advisories for users to understand their cybersecurity needs and risks.

Cybersecurity Report Process

Timely response and transparency

Cybersecurity

Trend Micro IoT Security

Alliance with Trend Micro Cybersecurity

VIVOTEK is the world’s first network surveillance solution manufacturer to cooperate with the world-renowned cybersecurity company, Trend Micro. Through network cameras armed with Trend Micro's anti-intrusion software, VIVOTEK brings high security and robust network surveillance to secure lives and protect data.

Multi-Layer Protection Solution for Surveillance Cameras

Cybersecurity
  • Brute Force Attack Detection
  • When the system detects brute-force attacks based on a defined number of failed login attempts, it will automatically activate a defense mechanism to block that IP address and prevent further attacks.

  • Intrusion Detection and Prevention
  • After shutting down if any malware or abnormal access behavior is detected, any attempt to control the console, access controversial websites, or any intrusion behavior will be automatically secured by the offense mechanism.

  • Instant Damage Control
  • If an unknown attack occurs, the system will remotely patch all data and transfer it to the anti-intrusion team to analyze and solve it in a timely manner, effectively decreasing the spread of internal infections, and letting users get back to work safely and quickly.

Trend Micro Security for Surveillance Cameras (TMIS-CAM)

Cybersecurity

Support Products

Category Models
Box Cameras IP8166, IP9165-HP, IP9165-HT, IP9165-LPC, IP9167-HP, IP9167-HT, IP9191-HP, IP9191-HT
Bullet Cameras IB8367A, IB8369A, IB9365-EHT, IB9365-HT, IB9367-EH, IB9367-EHT, IB9367-H, IB9367-HT, IB9391-EHT
Fixed Dome Cameras CD8371-HNTV, CD8371-HNVF2, FD8166A, FD8166A-N, FD8167A, FD8169A, FD816CA-HF2, FD8366-V, FD8367A-V, FD8369A-V, FD9165-HT, FD9167-H, FD9167-HT, FD9365-EHTV, FD9365-HTV, FD9367-EHTV, FD9367-HTV, FD9367-HV, FD9391-EHTV
180°/360° Cameras CC8160, CC8370-HV, CC8371-HV, FE9191, FE9391-EV, MS9390-HV
Mobile Dome Cameras MD8563-DEH, MD8563-EH, MD8564-EH, MD8565-N
Mini Cameras IB8360, IB8360-W, IP8160, IP8160-W
Split-type Camera System VC8101
Video Server VS8100-v2
* Models in Blue Color: 1-year free trial version from manufacturing time.
* Models in Orange Color: 3-year free trial version from manufacturing time.

Product Security

Understand Your Cyber Risks

To safeguard the network, we encourage users to better understand the risks and apply the recommended solutions to reduce their vulnerabilities from cyberattacks:

  • Use a strong password (Never use the default password).
  • Download the latest firmware to fix bugs and vulnerabilities.
  • Follow VIVOTEK's Vulnerability Policy to know how to manage and respond to security vulnerabilities.
  • Implement VIVOTEK's Hardening Guide to secure basic, advanced, or enterprise infrastructures.
  • Refer Security Advisories to help reduce risks of known vulnerabilities.

News Update

  • 2018/09/04: CVE-2018-5391 Linux kernel IP fragment re-assembly DoS Vulnerability, VVTK-SA-2018-005
  • 2018/08/24: Implement Cross-Site Request Forgery (CSRF) Protection Mechanism, VVTK-SA-2018-004
  • 2018/08/24: Multiple Command Injection Vulnerabilities Fixed, VVTK-SA-2018-003
  • 2018/08/24: KRACK - WPA2 key reinstallation attacks, Status update to Fixed, VVTK-SA-2018-002

Security Advisory

Advisory ID Advisory Status Last Updated
VVTK-SA-2018-005 CVE-2018-5391 - Linux kernel DoS Vulnerability Acknowledged Sep 4 2018
VVTK-SA-2018-004 Cross-Site Request Forgery (CSRF) Fixed Aug 24 2018
VVTK-SA-2018-003 Multiple Command Injection Vulnerabilities Fixed Aug 24 2018
VVTK-SA-2018-002 KRACK - WPA2 key reinstallation attacks Fixed Aug 24 2018
VVTK-SA-2018-001 CPU side-channel attacks "Meltdown” and "Spectre" Confirmed Jan 10 2018
VVTK-SA-20171001-01 Remote Stack Overflow of Web Server Fixed Nov 14 2017
VVTK-SA-20170621-01 CVE-2017-9765 - gSOAP Fixed Aug 17 2017
VVTK-SA-20170623-02 CVE-2017-9829 - Arbitrary File Download Fixed Nov 10 2017
VVTK-SA-20170623-01 CVE-2017-9828 - Shell Command Injection Fixed Nov 10 2017
- Cybersecurity Announcement Jul 7 2017 Fixed Jul 7 2017
- Cybersecurity Announcement Nov 4 2016 Confirmed Nov 4 2016

Downloads

Contact Information

Please contact us at security@vivotek.com to report a vulnerability or other security concern. For other support issues, please contact technical@vivotek.com.