HarborGuardharborguardDatabase
Back to search
HIGHCVE-2026-30650Published Modified CNA mitre

CVE-2026-30650: A post-authentication remote buffer overflow vulnerability exists in the /cgi-bin/admin/eventtask

A post-authentication remote buffer overflow vulnerability exists in the /cgi-bin/admin/eventtask.cgi endpoint of the admin interface of Vivotek FD8136 cameras running firmware version FD8136-VVTK-0300a. This flaw allows an authenticated attacker to execute arbitrary code as root on the device remotely.

Metrics

CVSS v3.1
8.8
Severity
HIGH
Fixed in
Affected Products
1

Get notified

Email me when this CVE is updated: new fix versions, severity changes, or any record change.

HarborGuard Analysis

Synopsis

A stack-based buffer overflow affects the /cgi-bin/admin/eventtask.cgi endpoint in the admin interface of Vivotek FD8136 cameras running firmware version FD8136-VVTK-0300a. The vulnerability is reachable over the network and requires a low-privilege authenticated session, meaning any account with login access is sufficient to trigger it. Successful exploitation gives the attacker arbitrary code execution as root on the camera. HarborGuard is tracking this advisory and will make a patched-image rebuild available as soon as an upstream fix is published.

HarborGuard Coverage

Detection

Detection for CVE-2026-30650 is available across every HarborGuard environment; the CVE is ingested from upstream feeds within minutes of publication and matched against all customer images in connected registries and CI/CD pipelines, including custom-built images derived from affected firmware layers. Any image carrying the vulnerable Vivotek FD8136 firmware version will surface in scan results automatically.

Available
Triage

HarborGuard scores this CVE at 8.8 HIGH using the CVSS v3.1 vector and applies per-environment compliance policy weighting to determine urgency, then routes findings to the appropriate team inbox inside each customer org. Customers with custom severity overrides or asset-criticality tags applied to camera-class images will see adjusted prioritization automatically.

Available
Patch

No fix version has been published for this CVE yet. HarborGuard re-checks the advisory on every ingest cycle and will make a patched-image rebuild available the moment the upstream vendor ships a corrected firmware or package. Customers with auto-remediation enabled will receive a rebuilt image, a regression-test run, and a PR opened against affected workloads as soon as that upstream fix is available.

Pending upstream

Exploit Conditions

  • Network reachabilityRequired

    The attacker must reach the camera's admin web interface over the network; the vulnerable CGI endpoint is exposed via HTTP/HTTPS on the device's network-facing admin port.

  • AuthenticationRequired

    A valid account on the admin interface is required, but any low-privilege account is sufficient to trigger the overflow.

  • Victim interactionNot required

    No action from another user or administrator is needed; the attacker sends a crafted request directly to the endpoint.

  • Attack complexityDetail

    Exploit complexity is low, meaning the attack is reliable and requires no special timing, race conditions, or environmental pre-conditions beyond network access and a valid session.

Blast Radius

  • A successful attacker gains arbitrary code execution running as root, giving full control over the camera's operating environment.
  • The attacker can read all data accessible on the device, including stored credentials, configuration files, and any cached video streams or snapshots.
  • The attacker can modify device configuration, disable security controls, or install persistent backdoors in firmware-writable storage.
  • The attacker can crash or disable the camera entirely, disrupting physical security monitoring for the affected location.

How HarborGuard Handles This

Available on HarborGuard: this CVE is flagged and matched against all customer images as soon as it enters the ingestion pipeline, with no manual intervention needed. Because no upstream fix has been published as of the CVE's publication date, HarborGuard monitors the advisory on every ingest cycle and will trigger rebuild and auto-remediation workflows the moment a patched firmware version or base-image layer is released by the vendor. In the interim, customers can apply compensating controls through HarborGuard's policy engine: network-policy isolation rules can flag or block deployment of images carrying this firmware version in internet-exposed or production segments, and egress filtering recommendations can be surfaced to teams managing camera-class workloads. For customers with auto-remediation enabled, the full rebuild, regression-test, and PR-open flow will execute automatically once the upstream patch is available, with high-severity issues targeting a median time from CVE publication to merged patch PR of around 90 minutes in environments where that policy is active.

See how HarborGuard automates this
Affected packages
  • n/a / n/a
    n/a
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
References