CVE-2026-56414

HIGH 7.2

H.VIEW HV-500S6 IP Camera Unrestricted Upload of File with Dangerous Type

CVSS Score

7.2

EPSS Score

0.0%

EPSS Percentile

0th

A vulnerability exists in H.View IP cameras certificate-related upload interfaces allow authenticated users to store arbitrary file content to fixed, persistent filesystem locations without validating file type, structure, or size. This design omission enables the placement of unexpected or malformed data in locations intended for trusted certificate material, which could affect system integrity or behavior even after reboot.

CWE	CWE-434
Vendor	h.view
Product	hv-500s6 ip camera
Published	Jun 26, 2026

Stay Ahead of the Next One

Get instant alerts for h.view hv-500s6 ip camera

Be the first to know when new high vulnerabilities affecting h.view hv-500s6 ip camera are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Affected Versions

H.VIEW / HV-500S6 IP Camera

IPCAM_V4.06.88.251229

References

NVD ↗ CVE.org ↗ EPSS Data ↗

hviewsmart.com: https://hviewsmart.com/pages/contact-us cisa.gov: https://www.cisa.gov/news-events/ics-advisories/icsa-26-176-05 github.com: https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-176-05.json

Credits

Fukuhara Rikuto of Smooth Inc. (CTO) and Hosei University reported this vulnerability to CISA.