CVE-2025-66050

CRITICAL

9.8

Description

Vivotek IP7137 camera with firmware version 0200a by default dos not require to provide any password when logging in as an administrator. While it is possible to set up such a password, a user is not informed about such a need. The vendor has not replied to the CNA. Possibly all firmware versions are affected. Since the product has met End-Of-Life phase, a fix is not expected to be released.

CVE Details

CVSS v3.1 Score9.8

SeverityCRITICAL

CVSS VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack VectorNETWORK

ComplexityLOW

Privileges RequiredNONE

User InteractionNONE

Published1/9/2026

Last Modified1/14/2026

Sourcenvd

Honeypot Sightings0

Affected Products

vivotek:ip7137vivotek:ip7137_firmware

Weaknesses (CWE)

CWE-1393

References

https://cert.pl/posts/2026/01/CVE-2025-66049(cvd@cert.pl)

IOC Correlations

No correlations recorded

This product uses data from the NVD API but is not endorsed or certified by the NVD.