Back Issues This Week → Calendar → Current Issue → Popular →

All issuesVolume 334, Issue 3IT Vendor NewsAkamai Technologies

Command Injection In Vivotek Legacy Firmware: What You Need To Know

Akamai Technologies, Tuesday, January 20th, 2026

The Akamai Security Intelligence and Response Team (SIRT) conducted a comprehensive analysis of Vivotek legacy firmware to address the rising threat of botnet-based distributed denial-of-service (DDoS) attacks facilitated by legacy Internet of Things (IoT) devices. Our goal was to identify and mitigate additional and previously unknown vulnerabilities that could be exploited to gain remote command injection access.

We used cutting-edge AI-driven reverse engineering tools to discover a new vulnerability that's impacting dozens of legacy camera models. We were assigned CVE-2026-22755. These AI tools helped us confirm the vulnerability and develop a working exploit to test - helping us create a firmware image that passes the validation checks to upload the payload to the vulnerable binary when testing.

more →  ·  More from Akamai Technologies →