Hikvision Switch Products Authenticated Remote Command Execution Vulnerability
Vulnerability
A vulnerability allowing authenticated remote command execution has been identified in certain Hikvision switch products, which have been discontinued since December 2023. This issue arises from inadequate input validation, enabling attackers with valid credentials to send crafted packets containing malicious commands to the affected devices, resulting in arbitrary command execution.
Impact
Exploitation of this vulnerability allows for authenticated remote command execution on the affected devices.
Remediation
Users can upgrade to version V1.2.5_260309 for the DS-3E1310P-SI model, and to version V1.2.1_260309 for the DS-3E1318P-SI and DS-3E1326P-SI models.
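The following inventory check is an added example, not Hikvision's own tooling: it compares each switch's reported firmware against the fixed versions listed above and returns the devices that still need the upgrade. It assumes the six-digit suffix after the underscore is a build stamp that increases over time; the host names and firmware strings in the sample inventory are constructed.

```python
import re

# Fixed firmware versions as listed in the Remediation section above.
FIXED = {
    "DS-3E1310P-SI": "V1.2.5_260309",
    "DS-3E1318P-SI": "V1.2.1_260309",
    "DS-3E1326P-SI": "V1.2.1_260309",
}

_VERSION_RE = re.compile(r"^V(\d+)\.(\d+)\.(\d+)_(\d{6})$")


def parse_version(text):
    """Return (major, minor, patch, build), or None if the string is malformed.
    Assumption: the six-digit suffix is a build stamp that only increases."""
    m = _VERSION_RE.match(text.strip())
    return tuple(int(g) for g in m.groups()) if m else None


def assess(model, firmware):
    """Classify a device: 'not-listed', 'unknown-version', 'vulnerable' or 'fixed'."""
    fixed = FIXED.get(model.strip().upper())
    if fixed is None:
        return "not-listed"  # model is not named in the advisory
    current = parse_version(firmware)
    if current is None:
        return "unknown-version"  # unparseable: flag for manual review
    return "fixed" if current >= parse_version(fixed) else "vulnerable"


def triage(inventory):
    """inventory: iterable of (host, model, firmware). Returns rows needing action."""
    return [(host, model, fw, status) for host, model, fw in inventory
            if (status := assess(model, fw)) in ("vulnerable", "unknown-version")]


# Constructed sample inventory (hypothetical hosts and firmware strings).
SAMPLE = [
    ("sw-lobby", "DS-3E1310P-SI", "V1.2.4_230101"),
    ("sw-dock", "DS-3E1318P-SI", "V1.2.1_260309"),
    ("sw-roof", "ds-3e1326p-si", "V1.2.1_231120"),
    ("sw-lab", "DS-3E1326P-SI", "build-unknown"),
    ("sw-core", "OTHER-MODEL", "V9.9.9_250101"),
]

if __name__ == "__main__":
    for row in triage(SAMPLE):
        print(*row, sep="\t")
```

Devices reported as unknown-version are returned alongside vulnerable ones so that a firmware string the parser cannot read is reviewed by hand instead of being silently treated as patched.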
