Home

Description

Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Vivotek Affected device model numbers are FD8365, FD8365v2, FD9165, FD9171, FD9187, FD9189, FD9365, FD9371, FD9381, FD9387, FD9389, FD9391,FE9180,FE9181, FE9191, FE9381, FE9382, FE9391, FE9582, IB9365, IB93587LPR, IB9371,IB9381, IB9387, IB9389, IB939,IP9165,IP9171, IP9172, IP9181, IP9191, IT9389, MA9321, MA9322, MS9321, MS9390, TB9330 (Firmware modules) allows OS Command Injection.This issue affects Affected device model numbers are FD8365, FD8365v2, FD9165, FD9171, FD9187, FD9189, FD9365, FD9371, FD9381, FD9387, FD9389, FD9391,FE9180,FE9181, FE9191, FE9381, FE9382, FE9391, FE9582, IB9365, IB93587LPR, IB9371,IB9381, IB9387, IB9389, IB939,IP9165,IP9171, IP9172, IP9181, IP9191, IT9389, MA9321, MA9322, MS9321, MS9390, TB9330: 0100a, 0106a, 0106b, 0107a, 0107b_1, 0109a, 0112a, 0113a, 0113d, 0117b, 0119e, 0120b, 0121, 0121d, 0121d_48573_1, 0122e, 0124d_48573_1, 012501, 012502, 0125c.

PUBLISHED Reserved 2026-01-09 | Published 2026-01-13 | Updated 2026-01-20 | Assigner larry_cashdollar




CRITICAL: 9.3CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:P/AU:Y/U:Amber

Problem types

CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')

Product status

Default status
unaffected

0100a (custom)
affected

0106a (custom)
affected

0106b (custom)
affected

0107a (custom)
affected

0107b_1 (custom)
affected

0109a (custom)
affected

0112a (custom)
affected

0113a (custom)
affected

0113d (custom)
affected

0117b (custom)
affected

0119e (custom)
affected

0120b (custom)
affected

0121 (custom)
affected

0121d (custom)
affected

0121d_48573_1 (custom)
affected

0122e (custom)
affected

0124d_48573_1 (custom)
affected

012501 (custom)
affected

012502 (custom)
affected

0125c (custom)
affected

Credits

Larry W. Cashdollar finder

References

www.vapidlabs.com/advisory.php?v=220

www.akamai.com/...ction-vivotek-legacy-firmware-need-to-know

cve.org (CVE-2026-22755)

nvd.nist.gov (CVE-2026-22755)

Download JSON