Vivotek IP7137 Missing Authentication Vulnerability in Default Administrator Login

Vulnerability

A vulnerability exists in the Vivotek IP7137 camera running firmware version 0200a, where the administrator login does not require a password by default. Although users can set a password, they are not notified of this requirement. This issue may affect all firmware versions, and since the product has reached its End-Of-Life phase, no fix is anticipated.

Impact

Exploitation of this vulnerability allows unauthorized access to the camera's administrative functions, potentially leading to further exploitation of other identified vulnerabilities in the same product.

Added: Jan 9, 2026, 12:23 PM

Updated: Jan 9, 2026, 12:23 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

7.4

remediation

0.0

relevance

2.0

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

7.4

remediation

0.0

relevance

2.0

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vivotek IP7137 Missing Authentication Vulnerability in Default Administrator Login

Vulnerability

Impact

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating