CVE-2020-11950

8.8 HIGH

Remote Code Execution

📋 TL;DR

This vulnerability allows authenticated users to upload and execute scripts on affected VIVOTEK network cameras, leading to remote code execution with OS command injection. It affects VIVOTEK network cameras running firmware versions before XXXXX-VVTK-2.2002.xx.01x and before XXXXX-VVTK-0XXXX_Beta2, including IT9388-HT devices.

💻 Affected Systems

Products:

• VIVOTEK Network Cameras
• IT9388-HT devices

Versions: Firmware versions before XXXXX-VVTK-2.2002.xx.01x and before XXXXX-VVTK-0XXXX_Beta2

Operating Systems: Embedded Linux-based firmware

Default Config Vulnerable: ⚠️ Yes

Notes: Requires authenticated access to the camera's web interface or API. Default credentials may increase risk.

📦 What is this software?

Cc8160 Firmware by Vivotek

View all CVEs affecting Cc8160 Firmware →

Cc8160\(hs\) Firmware by Vivotek

View all CVEs affecting Cc8160\(hs\) Firmware →

Cc8370 Hv Firmware by Vivotek

View all CVEs affecting Cc8370 Hv Firmware →

Cc8371 Hv Firmware by Vivotek

View all CVEs affecting Cc8371 Hv Firmware →

Cc9381 Hv Firmware by Vivotek

View all CVEs affecting Cc9381 Hv Firmware →

Cd8371 Hntv Firmware by Vivotek

View all CVEs affecting Cd8371 Hntv Firmware →

Cd8371 Hnvf2 Firmware by Vivotek

View all CVEs affecting Cd8371 Hnvf2 Firmware →

Fd8166a Firmware by Vivotek

View all CVEs affecting Fd8166a Firmware →

Fd8166a N Firmware by Vivotek

View all CVEs affecting Fd8166a N Firmware →

Fd8167a Firmware by Vivotek

View all CVEs affecting Fd8167a Firmware →

Fd8167a S Firmware by Vivotek

View all CVEs affecting Fd8167a S Firmware →

Fd8169a Firmware by Vivotek

View all CVEs affecting Fd8169a Firmware →

Fd8169a S Firmware by Vivotek

View all CVEs affecting Fd8169a S Firmware →

Fd816b Hf2 Firmware by Vivotek

View all CVEs affecting Fd816b Hf2 Firmware →

Fd816b Ht Firmware by Vivotek

View all CVEs affecting Fd816b Ht Firmware →

Fd816ba Hf2 Firmware by Vivotek

View all CVEs affecting Fd816ba Hf2 Firmware →

Fd816ba Ht Firmware by Vivotek

View all CVEs affecting Fd816ba Ht Firmware →

Fd816c Hf2 Firmware by Vivotek

View all CVEs affecting Fd816c Hf2 Firmware →

Fd816ca Hf2 Firmware by Vivotek

View all CVEs affecting Fd816ca Hf2 Firmware →

Fd8177 H Firmware by Vivotek

View all CVEs affecting Fd8177 H Firmware →

Fd8177 H Firmware by Vivotek

View all CVEs affecting Fd8177 H Firmware →

Fd8177 Ht Firmware by Vivotek

View all CVEs affecting Fd8177 Ht Firmware →

Fd8179 H Firmware by Vivotek

View all CVEs affecting Fd8179 H Firmware →

Fd8182 F1 Firmware by Vivotek

View all CVEs affecting Fd8182 F1 Firmware →

Fd8182 F2 Firmware by Vivotek

View all CVEs affecting Fd8182 F2 Firmware →

Fd8182 T Firmware by Vivotek

View all CVEs affecting Fd8182 T Firmware →

Fd8366 V Firmware by Vivotek

View all CVEs affecting Fd8366 V Firmware →

Fd8367a V Firmware by Vivotek

View all CVEs affecting Fd8367a V Firmware →

Fd8369a V Firmware by Vivotek

View all CVEs affecting Fd8369a V Firmware →

Fd836b Ehtv Firmware by Vivotek

View all CVEs affecting Fd836b Ehtv Firmware →

Fd836b Ehtv Firmware by Vivotek

View all CVEs affecting Fd836b Ehtv Firmware →

Fd836b Ehvf2 Firmware by Vivotek

View all CVEs affecting Fd836b Ehvf2 Firmware →

Fd836b Ehvf2 Firmware by Vivotek

View all CVEs affecting Fd836b Ehvf2 Firmware →

Fd836b Htv Firmware by Vivotek

View all CVEs affecting Fd836b Htv Firmware →

Fd836b Htv Firmware by Vivotek

View all CVEs affecting Fd836b Htv Firmware →

Fd836b Hvf2 Firmware by Vivotek

View all CVEs affecting Fd836b Hvf2 Firmware →

Fd836b Hvf2 Firmware by Vivotek

View all CVEs affecting Fd836b Hvf2 Firmware →

Fd836ba Ehtv Firmware by Vivotek

View all CVEs affecting Fd836ba Ehtv Firmware →

Fd836ba Ehvf2 Firmware by Vivotek

View all CVEs affecting Fd836ba Ehvf2 Firmware →

Fd836ba Htv Firmware by Vivotek

View all CVEs affecting Fd836ba Htv Firmware →

Fd836ba Hvf2 Firmware by Vivotek

View all CVEs affecting Fd836ba Hvf2 Firmware →

Fd8377 Ehtv Firmware by Vivotek

View all CVEs affecting Fd8377 Ehtv Firmware →

Fd8377 Htv Firmware by Vivotek

View all CVEs affecting Fd8377 Htv Firmware →

Fd8377 Hv Firmware by Vivotek

View all CVEs affecting Fd8377 Hv Firmware →

Fd8377 Hv Firmware by Vivotek

View all CVEs affecting Fd8377 Hv Firmware →

Fd8379 Hv Firmware by Vivotek

View all CVEs affecting Fd8379 Hv Firmware →

Fd8382 Etv Firmware by Vivotek

View all CVEs affecting Fd8382 Etv Firmware →

Fd8382 Evf2 Firmware by Vivotek

View all CVEs affecting Fd8382 Evf2 Firmware →

Fd8382 Tv Firmware by Vivotek

View all CVEs affecting Fd8382 Tv Firmware →

Fd8382 Vf2 Firmware by Vivotek

View all CVEs affecting Fd8382 Vf2 Firmware →

Fd9165 Ht A Firmware by Vivotek

View all CVEs affecting Fd9165 Ht A Firmware →

Fd9165 Ht Firmware by Vivotek

View all CVEs affecting Fd9165 Ht Firmware →

Fd9166 Hn Firmware by Vivotek

View all CVEs affecting Fd9166 Hn Firmware →

Fd9167 H Firmware by Vivotek

View all CVEs affecting Fd9167 H Firmware →

Fd9167 Ht Firmware by Vivotek

View all CVEs affecting Fd9167 Ht Firmware →

Fd9171 Ht Firmware by Vivotek

View all CVEs affecting Fd9171 Ht Firmware →

Fd9181 Ht Firmware by Vivotek

View all CVEs affecting Fd9181 Ht Firmware →

Fd9187 H Firmware by Vivotek

View all CVEs affecting Fd9187 H Firmware →

Fd9187 Ht A Firmware by Vivotek

View all CVEs affecting Fd9187 Ht A Firmware →

Fd9187 Ht Firmware by Vivotek

View all CVEs affecting Fd9187 Ht Firmware →

Fd9189 H Firmware by Vivotek

View all CVEs affecting Fd9189 H Firmware →

Fd9189 Hm Firmware by Vivotek

View all CVEs affecting Fd9189 Hm Firmware →

Fd9189 Ht Firmware by Vivotek

View all CVEs affecting Fd9189 Ht Firmware →

Fd9360 H Firmware by Vivotek

View all CVEs affecting Fd9360 H Firmware →

Fd9365 Ehtv A Firmware by Vivotek

View all CVEs affecting Fd9365 Ehtv A Firmware →

Fd9365 Ehtv Firmware by Vivotek

View all CVEs affecting Fd9365 Ehtv Firmware →

Fd9365 Htv A Firmware by Vivotek

View all CVEs affecting Fd9365 Htv A Firmware →

Fd9365 Htv Firmware by Vivotek

View all CVEs affecting Fd9365 Htv Firmware →

Fd9365 Htvl Firmware by Vivotek

View all CVEs affecting Fd9365 Htvl Firmware →

Fd9366 Hv Firmware by Vivotek

View all CVEs affecting Fd9366 Hv Firmware →

Fd9367 Ehtv Firmware by Vivotek

View all CVEs affecting Fd9367 Ehtv Firmware →

Fd9367 Htv Firmware by Vivotek

View all CVEs affecting Fd9367 Htv Firmware →

Fd9367 Htv\(epoc\) Firmware by Vivotek

View all CVEs affecting Fd9367 Htv\(epoc\) Firmware →

Fd9367 Hv Firmware by Vivotek

View all CVEs affecting Fd9367 Hv Firmware →

Fd9368 Htv Firmware by Vivotek

View all CVEs affecting Fd9368 Htv Firmware →

Fd9371 \(e\)htv Firmware by Vivotek

View all CVEs affecting Fd9371 \(e\)htv Firmware →

Fd9380 H Firmware by Vivotek

View all CVEs affecting Fd9380 H Firmware →

Fd9381 \(e\)htv Firmware by Vivotek

View all CVEs affecting Fd9381 \(e\)htv Firmware →

Fd9387 Ehtv A Firmware by Vivotek

View all CVEs affecting Fd9387 Ehtv A Firmware →

Fd9387 Ehtv Firmware by Vivotek

View all CVEs affecting Fd9387 Ehtv Firmware →

Fd9387 Ehv Firmware by Vivotek

View all CVEs affecting Fd9387 Ehv Firmware →

Fd9387 Htv A Firmware by Vivotek

View all CVEs affecting Fd9387 Htv A Firmware →

Fd9387 Htv Firmware by Vivotek

View all CVEs affecting Fd9387 Htv Firmware →

Fd9387 Hv Firmware by Vivotek

View all CVEs affecting Fd9387 Hv Firmware →

Fd9388 Htv Firmware by Vivotek

View all CVEs affecting Fd9388 Htv Firmware →

Fd9389 Ehmv Firmware by Vivotek

View all CVEs affecting Fd9389 Ehmv Firmware →

Fd9389 Ehtv Firmware by Vivotek

View all CVEs affecting Fd9389 Ehtv Firmware →

Fd9389 Ehv Firmware by Vivotek

View all CVEs affecting Fd9389 Ehv Firmware →

Fd9389 Hmv Firmware by Vivotek

View all CVEs affecting Fd9389 Hmv Firmware →

Fd9389 Htv Firmware by Vivotek

View all CVEs affecting Fd9389 Htv Firmware →

Fd9389 Hv Firmware by Vivotek

View all CVEs affecting Fd9389 Hv Firmware →

Fd9391 Ehtv Firmware by Vivotek

View all CVEs affecting Fd9391 Ehtv Firmware →

Fe8182 Firmware by Vivotek

View all CVEs affecting Fe8182 Firmware →

Fe9180 H Firmware by Vivotek

View all CVEs affecting Fe9180 H Firmware →

Fe9181 H Firmware by Vivotek

View all CVEs affecting Fe9181 H Firmware →

Fe9182 H Firmware by Vivotek

View all CVEs affecting Fe9182 H Firmware →

Fe9191 Firmware by Vivotek

View all CVEs affecting Fe9191 Firmware →

Fe9380 Hv Firmware by Vivotek

View all CVEs affecting Fe9380 Hv Firmware →

Fe9381 Ehv Firmware by Vivotek

View all CVEs affecting Fe9381 Ehv Firmware →

Fe9382 Ehv Firmware by Vivotek

View all CVEs affecting Fe9382 Ehv Firmware →

Fe9391 Ev Firmware by Vivotek

View all CVEs affecting Fe9391 Ev Firmware →

Fe9582 Ehnv Firmware by Vivotek

View all CVEs affecting Fe9582 Ehnv Firmware →

Ib8360 Firmware by Vivotek

View all CVEs affecting Ib8360 Firmware →

Ib8360 W Firmware by Vivotek

View all CVEs affecting Ib8360 W Firmware →

Ib8367a Firmware by Vivotek

View all CVEs affecting Ib8367a Firmware →

Ib8369a Firmware by Vivotek

View all CVEs affecting Ib8369a Firmware →

Ib836b Ehf3 Firmware by Vivotek

View all CVEs affecting Ib836b Ehf3 Firmware →

Ib836b Eht Firmware by Vivotek

View all CVEs affecting Ib836b Eht Firmware →

Ib836b Hf3 Firmware by Vivotek

View all CVEs affecting Ib836b Hf3 Firmware →

Ib836b Hrf3 Firmware by Vivotek

View all CVEs affecting Ib836b Hrf3 Firmware →

Ib836b Ht Firmware by Vivotek

View all CVEs affecting Ib836b Ht Firmware →

Ib836ba Ehf3 Firmware by Vivotek

View all CVEs affecting Ib836ba Ehf3 Firmware →

Ib836ba Eht Firmware by Vivotek

View all CVEs affecting Ib836ba Eht Firmware →

Ib836ba Hf3 Firmware by Vivotek

View all CVEs affecting Ib836ba Hf3 Firmware →

Ib836ba Ht Firmware by Vivotek

View all CVEs affecting Ib836ba Ht Firmware →

Ib8377 Eht Firmware by Vivotek

View all CVEs affecting Ib8377 Eht Firmware →

Ib8377 H Firmware by Vivotek

View all CVEs affecting Ib8377 H Firmware →

Ib8377 Ht Firmware by Vivotek

View all CVEs affecting Ib8377 Ht Firmware →

Ib8379 H Firmware by Vivotek

View all CVEs affecting Ib8379 H Firmware →

Ib8382 Ef3 Firmware by Vivotek

View all CVEs affecting Ib8382 Ef3 Firmware →

Ib8382 Et Firmware by Vivotek

View all CVEs affecting Ib8382 Et Firmware →

Ib8382 F3 Firmware by Vivotek

View all CVEs affecting Ib8382 F3 Firmware →

Ib8382 Rf3 Firmware by Vivotek

View all CVEs affecting Ib8382 Rf3 Firmware →

Ib8382 Rt Firmware by Vivotek

View all CVEs affecting Ib8382 Rt Firmware →

Ib8382 T Firmware by Vivotek

View all CVEs affecting Ib8382 T Firmware →

Ib9360 H Firmware by Vivotek

View all CVEs affecting Ib9360 H Firmware →

Ib9365 Eht A Firmware by Vivotek

View all CVEs affecting Ib9365 Eht A Firmware →

Ib9365 Eht Firmware by Vivotek

View all CVEs affecting Ib9365 Eht Firmware →

Ib9365 Ht A Firmware by Vivotek

View all CVEs affecting Ib9365 Ht A Firmware →

Ib9365 Ht Firmware by Vivotek

View all CVEs affecting Ib9365 Ht Firmware →

Ib9367 Eh Firmware by Vivotek

View all CVEs affecting Ib9367 Eh Firmware →

Ib9367 Eht Firmware by Vivotek

View all CVEs affecting Ib9367 Eht Firmware →

Ib9367 H Firmware by Vivotek

View all CVEs affecting Ib9367 H Firmware →

Ib9367 Ht Firmware by Vivotek

View all CVEs affecting Ib9367 Ht Firmware →

Ib9368 Ht Firmware by Vivotek

View all CVEs affecting Ib9368 Ht Firmware →

Ib9371 \(e\)ht Firmware by Vivotek

View all CVEs affecting Ib9371 \(e\)ht Firmware →

Ib9380 H Firmware by Vivotek

View all CVEs affecting Ib9380 H Firmware →

Ib9381 \(e\)ht Firmware by Vivotek

View all CVEs affecting Ib9381 \(e\)ht Firmware →

Ib9387 Eh Firmware by Vivotek

View all CVEs affecting Ib9387 Eh Firmware →

Ib9387 Eht A Firmware by Vivotek

View all CVEs affecting Ib9387 Eht A Firmware →

Ib9387 Eht Firmware by Vivotek

View all CVEs affecting Ib9387 Eht Firmware →

Ib9387 H Firmware by Vivotek

View all CVEs affecting Ib9387 H Firmware →

Ib9387 Ht A Firmware by Vivotek

View all CVEs affecting Ib9387 Ht A Firmware →

Ib9387 Ht Firmware by Vivotek

View all CVEs affecting Ib9387 Ht Firmware →

Ib9388 Ht Firmware by Vivotek

View all CVEs affecting Ib9388 Ht Firmware →

Ib9389 Eh Firmware by Vivotek

View all CVEs affecting Ib9389 Eh Firmware →

Ib9389 Ehm Firmware by Vivotek

View all CVEs affecting Ib9389 Ehm Firmware →

Ib9389 Eht Firmware by Vivotek

View all CVEs affecting Ib9389 Eht Firmware →

Ib9389 H Firmware by Vivotek

View all CVEs affecting Ib9389 H Firmware →

Ib9389 Hm Firmware by Vivotek

View all CVEs affecting Ib9389 Hm Firmware →

Ib9389 Ht Firmware by Vivotek

View all CVEs affecting Ib9389 Ht Firmware →

Ib9391 Eht Firmware by Vivotek

View all CVEs affecting Ib9391 Eht Firmware →

Ip8160 Firmware by Vivotek

View all CVEs affecting Ip8160 Firmware →

Ip8160 W Firmware by Vivotek

View all CVEs affecting Ip8160 W Firmware →

Ip8166 Firmware by Vivotek

View all CVEs affecting Ip8166 Firmware →

Ip9164 Ht Firmware by Vivotek

View all CVEs affecting Ip9164 Ht Firmware →

Ip9164 Lpc Firmware by Vivotek

View all CVEs affecting Ip9164 Lpc Firmware →

Ip9165 Hp Firmware by Vivotek

View all CVEs affecting Ip9165 Hp Firmware →

Ip9165 Ht Firmware by Vivotek

View all CVEs affecting Ip9165 Ht Firmware →

Ip9165 Lpc Firmware by Vivotek

View all CVEs affecting Ip9165 Lpc Firmware →

Ip9165 Lpc\(i Cs Kit\) Firmware by Vivotek

View all CVEs affecting Ip9165 Lpc\(i Cs Kit\) Firmware →

Ip9167 Hp Firmware by Vivotek

View all CVEs affecting Ip9167 Hp Firmware →

Ip9167 Ht Firmware by Vivotek

View all CVEs affecting Ip9167 Ht Firmware →

Ip9167 Ht Firmware by Vivotek

View all CVEs affecting Ip9167 Ht Firmware →

Ip9171 Hp Firmware by Vivotek

View all CVEs affecting Ip9171 Hp Firmware →

Ip9172 Lpc Firmware by Vivotek

View all CVEs affecting Ip9172 Lpc Firmware →

Ip9181 H Firmware by Vivotek

View all CVEs affecting Ip9181 H Firmware →

Ip9191 Hp Firmware by Vivotek

View all CVEs affecting Ip9191 Hp Firmware →

Ip9191 Ht Firmware by Vivotek

View all CVEs affecting Ip9191 Ht Firmware →

It9360 H Firmware by Vivotek

View all CVEs affecting It9360 H Firmware →

It9380 H Firmware by Vivotek

View all CVEs affecting It9380 H Firmware →

It9388 Ht Firmware by Vivotek

View all CVEs affecting It9388 Ht Firmware →

It9389 H Firmware by Vivotek

View all CVEs affecting It9389 H Firmware →

It9389 Ht Firmware by Vivotek

View all CVEs affecting It9389 Ht Firmware →

Iz9361 Eh Firmware by Vivotek

View all CVEs affecting Iz9361 Eh Firmware →

Ma9321 Ehtv Firmware by Vivotek

View all CVEs affecting Ma9321 Ehtv Firmware →

Ma9322 Ehtv Firmware by Vivotek

View all CVEs affecting Ma9322 Ehtv Firmware →

Md8563 Deh Firmware by Vivotek

View all CVEs affecting Md8563 Deh Firmware →

Md8563 Eh Firmware by Vivotek

View all CVEs affecting Md8563 Eh Firmware →

Md8564 Eh Firmware by Vivotek

View all CVEs affecting Md8564 Eh Firmware →

Md8565 N Firmware by Vivotek

View all CVEs affecting Md8565 N Firmware →

Md9560 Dh Firmware by Vivotek

View all CVEs affecting Md9560 Dh Firmware →

Md9560 H Firmware by Vivotek

View all CVEs affecting Md9560 H Firmware →

Md9561 H Firmware by Vivotek

View all CVEs affecting Md9561 H Firmware →

Md9581 H Firmware by Vivotek

View all CVEs affecting Md9581 H Firmware →

Ms9321 Ehv Firmware by Vivotek

View all CVEs affecting Ms9321 Ehv Firmware →

Ms9390 Hv Firmware by Vivotek

View all CVEs affecting Ms9390 Hv Firmware →

Sd9161 H Firmware by Vivotek

View all CVEs affecting Sd9161 H Firmware →

Sd9361 Ehl Firmware by Vivotek

View all CVEs affecting Sd9361 Ehl Firmware →

Sd9362 Eh Firmware by Vivotek

View all CVEs affecting Sd9362 Eh Firmware →

Sd9362 Eh V2 Firmware by Vivotek

View all CVEs affecting Sd9362 Eh V2 Firmware →

Sd9362 Ehl Firmware by Vivotek

View all CVEs affecting Sd9362 Ehl Firmware →

Sd9363 Ehl Firmware by Vivotek

View all CVEs affecting Sd9363 Ehl Firmware →

Sd9363 Ehl V2 Firmware by Vivotek

View all CVEs affecting Sd9363 Ehl V2 Firmware →

Sd9364 Eh Firmware by Vivotek

View all CVEs affecting Sd9364 Eh Firmware →

Sd9364 Eh V2 Firmware by Vivotek

View all CVEs affecting Sd9364 Eh V2 Firmware →

Sd9364 Ehl Firmware by Vivotek

View all CVEs affecting Sd9364 Ehl Firmware →

Sd9364 Ehl V2 Firmware by Vivotek

View all CVEs affecting Sd9364 Ehl V2 Firmware →

Sd9365 Ehl Firmware by Vivotek

View all CVEs affecting Sd9365 Ehl Firmware →

Sd9366 Eh Firmware by Vivotek

View all CVEs affecting Sd9366 Eh Firmware →

Sd9366 Eh V2 Firmware by Vivotek

View all CVEs affecting Sd9366 Eh V2 Firmware →

Sd9366 Ehl Firmware by Vivotek

View all CVEs affecting Sd9366 Ehl Firmware →

Sd9374 Ehl\(x\) Firmware by Vivotek

View all CVEs affecting Sd9374 Ehl\(x\) Firmware →

Tb9330 E Firmware by Vivotek

View all CVEs affecting Tb9330 E Firmware →

Tb9331 E Firmware by Vivotek

View all CVEs affecting Tb9331 E Firmware →

Vc8101 Firmware by Vivotek

View all CVEs affecting Vc8101 Firmware →

Vs8100 V2 Firmware by Vivotek

View all CVEs affecting Vs8100 V2 Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Full device compromise allowing attacker to execute arbitrary commands, install persistent backdoors, pivot to internal networks, and disable camera functionality.

🟠

Likely Case

Unauthorized access to camera feeds, device configuration changes, and potential use as foothold for lateral movement within the network.

🟢

If Mitigated

Limited impact if proper network segmentation and access controls prevent authenticated attackers from reaching vulnerable interfaces.

🌐 Internet-Facing: HIGH - Network cameras are often exposed to the internet, and authenticated access could be obtained through default credentials or credential reuse.

🏢 Internal Only: MEDIUM - Requires authenticated access, but internal attackers or compromised accounts could exploit this vulnerability.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: LIKELY

Unauthenticated Exploit: ✅ No

Complexity: LOW

Exploitation requires authenticated access but is straightforward once credentials are obtained. The vulnerability is in script upload functionality.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: XXXXX-VVTK-2.2002.xx.01x or later, XXXXX-VVTK-0XXXX_Beta2 or later

Vendor Advisory: http://download.vivotek.com/downloadfile/support/cyber-security/vvtk-sa-2020-001-v1.pdf

Restart Required: Yes

Instructions:

1. Download latest firmware from VIVOTEK support portal. 2. Log into camera web interface. 3. Navigate to Maintenance > Firmware Upgrade. 4. Upload firmware file. 5. Wait for automatic reboot.

🔧 Temporary Workarounds

Network Segmentation

all

Isolate cameras on separate VLAN with restricted access to management interfaces

Access Control

all

Implement strong authentication, change default credentials, and restrict admin access to trusted IPs

🧯 If You Can't Patch

• Segment cameras on isolated network with no internet access
• Implement strict firewall rules to block all inbound traffic except from authorized management stations

🔍 How to Verify

Check if Vulnerable:

Copy

Check firmware version in camera web interface under Maintenance > System Information

Check Version:

Copy

No CLI command available - check via web interface or SNMP if configured

Verify Fix Applied:

Copy

Confirm firmware version is XXXXX-VVTK-2.2002.xx.01x or later, or XXXXX-VVTK-0XXXX_Beta2 or later

📡 Detection & Monitoring

Log Indicators:

• Unusual file uploads to camera web interface
• Multiple failed login attempts followed by successful login
• Unexpected process execution or system commands

Network Indicators:

• HTTP POST requests to script upload endpoints from unusual sources
• Outbound connections from cameras to unexpected destinations

SIEM Query:

Copy

source="camera_logs" AND (event="file_upload" OR event="script_execution")

📊 Metadata

CVE ID: CVE-2020-11950

CVSS v3 Score: 8.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-78

Published: May 28, 2020

Last Updated: November 21, 2024

🔗 References

• http://download.vivotek.com/downloadfile/support/cyber-security/vvtk-sa-2020-001-v1.pdf Vendor Advisory
• http://download.vivotek.com/downloadfile/support/cyber-security/vvtk-sa-2020-001-v1.pdf Vendor Advisory

📤 Share & Export

Twitter LinkedIn Reddit Copy Link

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2020-11950, you might also want to check these:

CVE-2023-2564 10.0

This CVE describes an OS command injection vulnerability in scanservjs web scanning software that al...

Same vulnerability type (CWE-78)

CVE-2024-58338 10.0

Anevia Flamingo XL 3.2.9 contains a restricted shell escape vulnerability that allows remote attacke...

Same vulnerability type (CWE-78)

CVE-2025-26389 10.0

This critical vulnerability allows unauthenticated remote attackers to execute arbitrary code with r...

Same vulnerability type (CWE-78)