HIGHCVE-2026-0709Published 2026-01-30Modified 2026-02-27CNA hikvision

CVE-2026-0709: Some Hikvision Wireless Access Points are vulnerable to authenticated command execution due to insufficient input validation

Some Hikvision Wireless Access Points are vulnerable to authenticated command execution due to insufficient input validation. Attackers with valid credentials can exploit this flaw by sending crafted packets containing malicious commands to affected devices, leading to arbitrary command execution.

CVSS v3.1: 7.2
Severity: HIGH
Fixed in: —
Affected Products: 6

Affected packages

Hikvision / DS-3WAP521-SI
V1.1.6303 build250812 and earlier
Hikvision / DS-3WAP522-SI
V1.1.6303 build250812 and earlier
Hikvision / DS-3WAP621E-SI
V1.1.6303 build250812 and earlier
Hikvision / DS-3WAP622E-SI
V1.1.6303 build250812 and earlier
Hikvision / DS-3WAP623E-SI
V1.1.6303 build250812 and earlier
Hikvision / DS-3WAP622G-SI
V1.1.6303 build250812 and earlier

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

References

hikvision.com

Metrics