Hikvision Wireless Access Points Authenticated Remote Command Execution Vulnerability

Vulnerability

A vulnerability allowing authenticated remote command execution has been identified in certain Hikvision Wireless Access Point models. This issue arises from inadequate input validation, which enables attackers with valid credentials to send crafted packets containing malicious commands to the affected devices, resulting in arbitrary command execution.

Impact

Exploitation of this vulnerability allows for authenticated remote command execution on the affected access points.

Remediation

Users can download the fixed version from the Hikvision official website. The specific patched version is V1.1.6300 build250331 (R2263).

Added: Jun 13, 2025, 8:17 AM
Updated: Jun 13, 2025, 8:17 AM

Vulnerability Rating

Custom Algorithm

spread: 0.3
impact: 7.5
exploitability: 4.4
remediation: 7.7
relevance: 0.2
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.