Critical Severity Vulnerability
This vulnerability has been rated as Critical severity. Immediate action is recommended.
CVE-2025-66050
Critical
Low
Medium
High
Critical
9.8
CVSS Score
Published: Jan 09, 2026
Last Modified: Jan 14, 2026
Vulnerability Description
Vivotek IP7137 camera with firmware version 0200a by default dos not require to provide any password when logging in as an administrator. While it is possible to set up such a password, a user is not informed about such a need.
The vendor has not replied to the CNA. Possibly all firmware versions are affected. Since the product has met End-Of-Life phase, a fix is not expected to be released.
CVSS Metrics
Common Vulnerability Scoring System
Vector String:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
N
Attack Complexity
L
Privileges Required
N
User Interaction
N
Scope
U
Confidentiality
H
Integrity
H
Availability
H
Known Affected Software
1 configuration(s) from 1 vendor(s)
ip7137_firmware
Version:
0200a
CPE:
cpe:2.3:o:vivotek:ip7137_firmware:0200a:*:*:*:*:*:*:*
This vulnerability affects 1 software configuration(s). Ensure you patch all affected systems.
References & Resources
Severity Details
9.8
out of 10.0
Critical
Key Information
- Published Date
- January 09, 2026
