CVE-2025-66050

EPSS 0.05%
Veröffentlicht 09.01.2026 11:53:45
Zuletzt bearbeitet 14.01.2026 17:48:29
Quelle cvd@cert.pl
CVE-Watchlists
Login
Unerledigt
Login

Vivotek IP7137 camera with firmware version 0200a by default dos not require to provide any password when logging in as an administrator. While it is possible to set up such a password, a user is not informed about such a need.
The vendor has not replied to the CNA. Possibly all firmware versions are affected. Since the product has met End-Of-Life phase, a fix is not expected to be released.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Vivotek ≫ Ip7137 Firmware Version0200a

Vivotek ≫ Ip7137 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.05%	0.172

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvd@cert.pl	9.3	0	0	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CWE-1393 Use of Default Password

The product uses default passwords for potentially critical functionality.

https://cert.pl/posts/2026/01/CVE-2025-66049

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2025-66050

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-66050

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-66050

EUVD