CVE-2025-66050

CRITICAL

9.8

Description

Vivotek IP7137 camera with firmware version 0200a by default dos not require to provide any password when logging in as an administrator. While it is possible to set up such a password, a user is not informed about such a need. The vendor has not replied to the CNA. Possibly all firmware versions are affected. Since the product has met End-Of-Life phase, a fix is not expected to be released.

Details CVE

Score CVSS v3.19.8

SeveriteCRITICAL

Vecteur CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vecteur d'attaqueNETWORK

ComplexiteLOW

Privileges requisNONE

Interaction utilisateurNONE

Publie1/9/2026

Derniere modification1/14/2026

Sourcenvd

Observations honeypot0

Produits affectes

vivotek:ip7137vivotek:ip7137_firmware

Faiblesses (CWE)

CWE-1393

References

https://cert.pl/posts/2026/01/CVE-2025-66049(cvd@cert.pl)

Correlations IOC

Aucune correlation enregistree

This product uses data from the NVD API but is not endorsed or certified by the NVD.