VIVOTEK FD8177 devices before XXXXXX-VVTK-xx06a allow remote attackers to execute arbitrary code (issue 2 of 2) via eventscript.cgi.
https://www.vivotek.com/website/support/cybersecurity/
http://download.vivotek.com/downloadfile/support/cyber-security/vvtk-sa-2018-003-v1.pdf