๐Ÿ” CVE Alert

CVE-2026-0709

HIGH 7.2
CVSS Score
7.2
EPSS Score
0.0%
EPSS Percentile
0th

Some Hikvision Wireless Access Points are vulnerable to authenticated command execution due to insufficient input validation. Attackers with valid credentials can exploit this flaw by sending crafted packets containing malicious commands to affected devices, leading to arbitrary command execution.

Vendor hikvision
Product ds-3wap521-si
Published Jan 30, 2026
Last Updated Feb 27, 2026
Stay Ahead of the Next One

Get instant alerts for hikvision ds-3wap521-si

Be the first to know when new high vulnerabilities affecting hikvision ds-3wap521-si are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Affected Versions

Hikvision / DS-3WAP521-SI
V1.1.6303 build250812 and earlier
Hikvision / DS-3WAP522-SI
V1.1.6303 build250812 and earlier
Hikvision / DS-3WAP621E-SI
V1.1.6303 build250812 and earlier
Hikvision / DS-3WAP622E-SI
V1.1.6303 build250812 and earlier
Hikvision / DS-3WAP623E-SI
V1.1.6303 build250812 and earlier
Hikvision / DS-3WAP622G-SI
V1.1.6303 build250812 and earlier

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
hikvision.com: https://www.hikvision.com/en/support/cybersecurity/security-advisory/command-execution-vulnerability-in-some-hikvision-wireless-access-point-products/

Credits

exzettabyte