Vivotek IP7137 Path Traversal Vulnerability

Vulnerability

A path traversal vulnerability has been identified in the Vivotek IP7137 camera, specifically in firmware version 0200a. This vulnerability allows an authenticated attacker to access files and resources outside the webroot directory by sending a direct HTTP request. Additionally, due to another vulnerability (CVE-2025-66050), the camera's administration panel does not require a password by default, potentially allowing unauthorized access. The manufacturer has not responded to the vulnerability report, and no fix is expected since the product has reached its End-of-Life phase.

Impact

Exploitation of this vulnerability could lead to unauthorized access to sensitive files and resources on the camera, potentially allowing for further exploitation or manipulation of the device.

Added: Jan 9, 2026, 12:22 PM

Updated: Jan 9, 2026, 12:22 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.6

exploitability

5.2

remediation

0.0

relevance

2.0

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.6

exploitability

5.2

remediation

0.0

relevance

2.0

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vivotek IP7137 Path Traversal Vulnerability

Vulnerability

Impact

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating