A critical remote code injection vulnerability in Vivotek legacy firmware that enables unauthenticated attackers to execute arbitrary commands with root privileges. The vulnerability, tracked as CVE-2026-22755, affects dozens of camera models and poses significant risks to organizations relying on legacy surveillance infrastructure. The vulnerability exists in the upload_map.cgi script, where user-supplied filenames are processed through an unsanitized snprintf() function […]
The post Critical Vivotek Vulnerability Allows Remote Users to Inject Arbitrary Code appeared first on Cyber Security News.
This article has been indexed from Cyber Security News
Read the original article: