CVE-2026-35718
MediumCVSS 6.5Exploitation Probability (EPSS)
Low risk50th percentile - higher than 50% of all known CVEs
Summary
A path traversal vulnerability in the /admin/downloadMedias.cgi endpoint of VIVOTEK INC FD8136-VVTK firmware 0300a allows authenticated attackers to read any file on the device via sending a crafted request.
Risk Assessment
The risk involves unauthorized reading of sensitive system files, configuration files, or user data, potentially leading to information disclosure and further attack escalation.
Recommendation
It is recommended to immediately update the firmware to the latest version and restrict access to the administrative panel to trusted IP addresses only.
Original NVD description (English source)
A path traversal vulnerability in the /admin/downloadMedias.cgi endpoint of VIVOTEK INC FD8136-VVTK firmware 0300a allows authenticated attackers to read any file on the device via sending a crafted request.

