CVE-2026-22755

Legacy Vivotek Camera Firmware Command Injection in upload_map.cgi

Assigner: larry_cashdollar
Reserved: 09.01.2026 Published: 13.01.2026 Updated: 20.01.2026

Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Vivotek Affected device model numbers are FD8365, FD8365v2, FD9165, FD9171, FD9187, FD9189, FD9365, FD9371, FD9381, FD9387, FD9389, FD9391,FE9180,FE9181, FE9191, FE9381, FE9382, FE9391, FE9582, IB9365, IB93587LPR, IB9371,IB9381, IB9387, IB9389, IB939,IP9165,IP9171, IP9172, IP9181, IP9191, IT9389, MA9321, MA9322, MS9321, MS9390, TB9330 (Firmware modules) allows OS Command Injection.This issue affects Affected device model numbers are FD8365, FD8365v2, FD9165, FD9171, FD9187, FD9189, FD9365, FD9371, FD9381, FD9387, FD9389, FD9391,FE9180,FE9181, FE9191, FE9381, FE9382, FE9391, FE9582, IB9365, IB93587LPR, IB9371,IB9381, IB9387, IB9389, IB939,IP9165,IP9171, IP9172, IP9181, IP9191, IT9389, MA9321, MA9322, MS9321, MS9390, TB9330: 0100a, 0106a, 0106b, 0107a, 0107b_1, 0109a, 0112a, 0113a, 0113d, 0117b, 0119e, 0120b, 0121, 0121d, 0121d_48573_1, 0122e, 0124d_48573_1, 012501, 012502, 0125c.

Metrics

CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:P/AU:Y/U:Amber
CVSS Score: 9.3

Exploitability Metrics		Vulnerable System Impact Metrics		Subsequent System Impact Metrics
Attack Vector	Network	Confidentiality	High	Confidentiality	High
Attack Complexity	Low	Integrity	High	Integrity	High
Attack Requirements	None	Availability	High	Availability	High
Privileges Required	None
User Interaction	None

CVSS 4.0

Product Status

Vendor	Vivotek
Product	Affected device model numbers are FD8365, FD8365v2, FD9165, FD9171, FD9187, FD9189, FD9365, FD9371, FD9381, FD9387, FD9389, FD9391,FE9180,FE9181, FE9191, FE9381, FE9382, FE9391, FE9582, IB9365, IB93587LPR, IB9371,IB9381, IB9387, IB9389, IB939,IP9165,IP9171, IP9172, IP9181, IP9191, IT9389, MA9321, MA9322, MS9321, MS9390, TB9330
Versions	Default: unaffected Version 0100a is affected Version 0106a is affected Version 0106b is affected Version 0107a is affected Version 0107b_1 is affected Version 0109a is affected Version 0112a is affected Version 0113a is affected Version 0113d is affected Version 0117b is affected Version 0119e is affected Version 0120b is affected Version 0121 is affected Version 0121d is affected Version 0121d_48573_1 is affected Version 0122e is affected Version 0124d_48573_1 is affected Version 012501 is affected Version 012502 is affected Version 0125c is affected

Vendor

Vivotek

Product

Affected device model numbers are FD8365, FD8365v2, FD9165, FD9171, FD9187, FD9189, FD9365, FD9371, FD9381, FD9387, FD9389, FD9391,FE9180,FE9181, FE9191, FE9381, FE9382, FE9391, FE9582, IB9365, IB93587LPR, IB9371,IB9381, IB9387, IB9389, IB939,IP9165,IP9171, IP9172, IP9181, IP9191, IT9389, MA9321, MA9322, MS9321, MS9390, TB9330

Versions

Default: unaffected

Version 0100a is affected
Version 0106a is affected
Version 0106b is affected
Version 0107a is affected
Version 0107b_1 is affected
Version 0109a is affected
Version 0112a is affected
Version 0113a is affected
Version 0113d is affected
Version 0117b is affected
Version 0119e is affected
Version 0120b is affected
Version 0121 is affected
Version 0121d is affected
Version 0121d_48573_1 is affected
Version 0122e is affected
Version 0124d_48573_1 is affected
Version 012501 is affected
Version 012502 is affected
Version 0125c is affected

Exploits

Not public but easy to reproduce.

Credits

Larry W. Cashdollar finder

References

Problem Types

CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE

Impacts

CAPEC-88 OS Command Injection

CVE-2026-22755 PUBLISHED