CVE-2026-35718
MEDIUM WAF: High
CVSS 6.5
Published: 2026-06-02
CWE-22
A path traversal vulnerability in the /admin/downloadMedias.cgi endpoint of VIVOTEK INC FD8136-VVTK firmware 0300a allows authenticated attackers to read any file on the device by sending a crafted request.
WAF Coverage Analysis
Path Traversal
High WAF Coverage
OWASP: A01:2021 Broken Access Control
930xxx - Local File Inclusion
Affected Software
| Vendor | Product | Version |
|---|---|---|
| vivotek | fd8136_firmware | 0300a |
References
- vivotek.com (Product)
- github.com (Third Party Advisory)