CVE 9.3 CRITICAL

No password set for administrative account in Vivotek IP7137 cameras_CVE-2025-66050

January 9, 2026 invoker category_cve

9.3 / 10

CRITICAL

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Description

Vivotek IP7137 camera with firmware version 0200a by default does not require to provide any password when logging in as an administrator. While it is possible to set up such a password, a user is not informed about such a need.
The vendor has not replied to the CNA. Possibly all firmware versions are affected. Since the product has met End-Of-Life phase, a fix is not expected to be released.

AI Analysis

Default administrative account without password in Vivotek IP7137 camera

Basic Information

ID CVE-2025-66050

Source CERT-PL

Published Jan 9, 2026 at 11:53

Affected Product

Vendor Vivotek

Product IP7137

Version 0200a

Affected Versions Vivotek IP7137 0200a

CWE Classification

CWE-1393

AI Assessment

AI Score 9.3 / 10

AI Severity Critical

Vendor Vivotek

Product IP7137

Version 0200a

References

cert.pl /posts/2026/01/CVE-2025-66049

{
    "lastseen": "",
    "description": "Vivotek IP7137 camera with firmware version 0200a by default does not require to provide any password when logging in as an administrator. While it is possible to set up such a password, a user is not informed about such a need.\nThe vendor has not replied to the CNA. Possibly all firmware versions are affected. Since the product has met End-Of-Life phase, a fix is not expected to be released.",
    "published": "2026-01-09T11:53:45.338Z",
    "modified": "2026-01-09T11:53:45.338Z",
    "type": "cve",
    "title": "No password set for administrative account in Vivotek IP7137 cameras",
    "source": "CERT-PL",
    "references": "https://cert.pl/posts/2026/01/CVE-2025-66049",
    "id": "CVE-2025-66050",
    "bulletinFamily": "",
    "cwe": [
        "CWE-1393"
    ],
    "cvelist": null,
    "sourceData": "Vivotek IP7137 0200a",
    "sourceHref": "",
    "cvss": {
        "score": 9.3,
        "severity": "CRITICAL",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "IP7137",
    "version": "0200a",
    "vendor": "Vivotek",
    "ai_description": "Default administrative account without password in Vivotek IP7137 camera",
    "ai_severity": "Critical",
    "ai_vendor": "Vivotek",
    "ai_product": "IP7137",
    "ai_version": "0200a",
    "ai_score": 9.3
}

💭 Join the Security Discussion ❌ Cancel Reply