CVE-2026-22755
📋 TL;DR
This CVE describes a command injection vulnerability in multiple Vivotek device models that allows attackers to execute arbitrary operating system commands. The vulnerability affects specific firmware versions across numerous camera and surveillance products. Attackers can potentially gain full control of affected devices.
💻 Affected Systems
- FD8365
- FD8365v2
- FD9165
- FD9171
- FD9187
- FD9189
- FD9365
- FD9371
- FD9381
- FD9387
- FD9389
- FD9391
- FE9180
- FE9181
- FE9191
- FE9381
- FE9382
- FE9391
- FE9582
- IB9365
- IB93587LPR
- IB9371
- IB9381
- IB9387
- IB9389
- IB939
- IP9165
- IP9171
- IP9172
- IP9181
- IP9191
- IT9389
- MA9321
- MA9322
- MS9321
- MS9390
- TB9330
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete device compromise leading to lateral movement within the network, data exfiltration, or use as a botnet node.
Likely Case
Unauthorized access to device, modification of configurations, installation of malware, or use in DDoS attacks.
If Mitigated
Limited impact if devices are isolated in separate VLANs with strict network segmentation and access controls.
🎯 Exploit Status
Public research and advisories exist demonstrating the vulnerability. Command injection vulnerabilities are typically easy to exploit once the attack vector is identified.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Not specified in available information
Vendor Advisory: Not provided in references
Restart Required: Yes
Instructions:
1. Check Vivotek's official security advisories for firmware updates. 2. Download appropriate firmware for your device model. 3. Follow Vivotek's firmware update procedures. 4. Verify successful update and restart device.
🔧 Temporary Workarounds
Network Segmentation
allIsolate affected devices in separate VLANs with strict firewall rules
Access Control Lists
allImplement strict network ACLs to limit device access to authorized IPs only
🧯 If You Can't Patch
- Remove internet-facing exposure by placing devices behind VPN or secure gateway
- Implement network monitoring and intrusion detection for suspicious command execution patterns
🔍 How to Verify
Check if Vulnerable:
Check device firmware version via web interface or SSH against affected version listCheck Version:
Check via device web interface: System > Information > Firmware VersionVerify Fix Applied:
Verify firmware version has been updated to a version not listed in affected versions📡 Detection & Monitoring
Log Indicators:
- Unusual command execution patterns
- Unexpected system modifications
- Unauthorized configuration changes
Network Indicators:
- Suspicious outbound connections from devices
- Unexpected network traffic patterns
- Connection attempts to known malicious IPs
SIEM Query:
source="vivotek" AND (event="command_execution" OR event="system_modification")