Vivotek FD8136 Remote Buffer Overflow Vulnerability in Eventtask.cgi Endpoint

A post-authentication remote buffer overflow vulnerability has been identified in the Vivotek FD8136 camera model, specifically in the eventtask.cgi endpoint of the admin interface. This vulnerability is present in cameras running firmware version FD8136-VVTK-0300a. The flaw allows an authenticated attacker to execute arbitrary code as root on the device remotely. The vulnerability arises because the eventtask.cgi binary processes POST requests by reading the raw request body into a fixed-size stack buffer of approximately 136 bytes, without proper length validation. This oversight enables attackers to overflow the buffer, overwrite the saved link register, and execute arbitrary commands with root privileges. The absence of stack canaries or other memory protections in the binary facilitates exploitation.

Impact

Exploitation of this vulnerability allows for authenticated remote code execution as root on the affected Vivotek FD8136 camera.

Reproduction

To reproduce this vulnerability, send a POST request to the '/cgi-bin/admin/eventtask.cgi' endpoint with a request body that exceeds 136 bytes. The excess data will overflow the stack buffer, overwrite the saved link register, and can be used to execute arbitrary code on the device.