Incorrect Access Control in mod_inetd.cgi in VIVOTEK Network Camera Series products with firmware before XXXXXX-VVTK-0X09a allows remote attackers to enable arbitrary system services via a URL parameter.
http://download.vivotek.com/downloadfile/support/cyber-security/vvtk-sa-2018-006-v1.pdf