Hikvision IP ping.php - Command Execution

A vulnerability was found in Hikvision Intercom Broadcasting System 3.0.320201113RELEASEHIK. It has been declared as critical. This vulnerability affects unknown code of the file /php/ping.php. The manipulation of the argument jsondataip with the input netstat -ano leads to os command injection...

Hikvision IP camera/NVR - Remote Command Execution

Certain Hikvision products contain a command injection vulnerability in the web server due to the insufficient input validation. An attacker can exploit the vulnerability to launch a command injection attack by sending some messages with malicious commands. id: CVE-2021-36260 info: name: Hikvisio...

Hikvision Hik-Connect APP 安全漏洞

Hikvision Hik-Connect APP is a mobile monitoring application developed by Hikvision, a company in China, designed for remote access and management of video surveillance devices. The Hikvision Hik-Connect APP has a security vulnerability, which stems from insufficiently strict restrictions on...

CVE-2026-3828

Some Hikvision switch products discontinued since December 2023 are vulnerable to authenticated remote command execution due to insufficient input validation. Attackers with valid credentials can exploit this flaw by sending crafted packets containing malicious commands to affected devices, leadi...

CVE-2026-3828

Some Hikvision switch products discontinued since December 2023 are vulnerable to authenticated remote command execution due to insufficient input validation. Attackers with valid credentials can exploit this flaw by sending crafted packets containing malicious commands to affected devices, leadi...

CVE-2026-3828

Some Hikvision switch products discontinued since December 2023 are vulnerable to authenticated remote command execution due to insufficient input validation. Attackers with valid credentials can exploit this flaw by sending crafted packets containing malicious commands to affected devices, leadi...

CVE-2026-3828

Some Hikvision switch products discontinued since December 2023 are vulnerable to authenticated remote command execution due to insufficient input validation. Attackers with valid credentials can exploit this flaw by sending crafted packets containing malicious commands to affected devices, leadi...

CVE-2026-3828

The CVE affects some Hikvision switch products (discontinued since December 2023) and is caused by insufficient input validation enabling authenticated remote command execution. With valid credentials, an attacker can send crafted packets containing malicious commands to affected devices, resulti...

CVE-2026-3828

Some Hikvision switch products discontinued since December 2023 are vulnerable to authenticated remote command execution due to insufficient input validation. Attackers with valid credentials can exploit this flaw by sending crafted packets containing malicious commands to affected devices, leadi...

EUVD-2026-28908

Some Hikvision switch products discontinued since December 2023 are vulnerable to authenticated remote command execution due to insufficient input validation. Attackers with valid credentials can exploit this flaw by sending crafted packets containing malicious commands to affected devices, leadi...

Hikvision HikCentral Professional 安全漏洞

Hikvision HikCentral Professional is a professional edition of the AI Cloud-based application management platform designed for edge domains by Hikvision, a Chinese company. Hikvision HikCentral Professional has security vulnerabilities, particularly an access control issue that may allow...

Hikvision多款产品 安全漏洞

Hikvision DS-3E1310P-SI, DS-3E1318P-SI, and DS-3E1326P-SI are all intelligent switch devices from Hikvision, a Chinese company. Several Hikvision products have security vulnerabilities. These vulnerabilities stem from insufficient input validation, allowing authenticated attackers to execute...

PT-2026-39325

Name of the Vulnerable Software and Affected Versions Hikvision switch products affected versions not specified Description Certain Hikvision switch products, discontinued since December 2023, contain a flaw allowing authenticated remote command execution. This issue stems from insufficient input...

Hikvision - Authentication Bypass

Hikvision DS-2CD2xx2F-I Series V5.2.0 build 140721 to V5.4.0 build 160530, DS-2CD2xx0F-I Series V5.2.0 build 140721 to V5.4.0 Build 160401, DS-2CD2xx2FWD Series V5.3.1 build 150410 to V5.4.4 Build 161125, DS-2CD4x2xFWD Series V5.2.0 build 140721 to V5.4.0 Build 160414, DS-2CD4xx5 Series V5.2.0...

TP-Link, Canva, HikVision vulnerabilities

Cisco Talos' Vulnerability Discovery & Research team recently disclosed a vulnerability in HikVision, as well as 10 in TP-Link, and 19 in Canva. The vulnerabilities mentioned in this blog post have been patched by their respective vendors, all in adherence to Cisco 's third-party vulnerability...

Exploit for CVE-2026-0709

Hikvision Wireless AP – CVE-2026-0709 Authenticated RCE Tool...

Hikvision and Rockwell Automation CVSS 9.8 Flaws Added to CISA KEV Catalog

The U.S. Cybersecurity and Infrastructure Security Agency CISA on Thursday added two security flaws impacting Hikvision and Rockwell Automation products to its Known Exploited Vulnerabilities KEV catalog, citing evidence of active exploitation. The critical-severity vulnerabilities are listed bel...

CISA Adds Five Known Exploited Vulnerabilities to Catalog

CISA has added five new vulnerabilities to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. CVE-2017-7921link is external Hikvision Multiple Products Improper Authentication Vulnerability CVE-2021-22681link is external Rockwell Multiple Products...

Hikvision Multiple Products Improper Authentication Vulnerability

Multiple Hikvision products contain an improper authentication vulnerability that could allow a malicious user to escalate privileges on the system and gain access to sensitive information...

VulnCheck KEV: CVE-2023-6895

A vulnerability was found in Hikvision Intercom Broadcasting System 3.0.320201113RELEASEHIK. It has been declared as critical. This vulnerability affects unknown code of the file /php/ping.php. The manipulation of the argument jsondataip with the input netstat -ano leads to os command injection...