Security Advisory - Remote Command Execution Vulnerability in Some Hikvision Wireless Access Point

SN No: HSRC-202506-01

Edit: Hikvision Security Response Center (HSRC)

Initial Release Date: 2025-06-13

 

Summary

Some Hikvision Wireless Access Points are vulnerable to authenticated remote command execution due to insufficient input validation. An attacker with valid credentials can exploit this flaw by sending crafted packets containing malicious commands to an affected device, leading to arbitrary command execution.

 

CVE ID

CVE-2025-39240

 

Scoring:

This vulnerability is scored using CVSS v3.1 (http://www.first.org/cvss/specification-document).

Base score: 7.2 (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)

 

Affected versions and fix

| Product Model | Affected Version | Resolved Version |
| --- | --- | --- |
| DS-3WAP622G-SI | V1.1.5402 build241014 (E2254P02) and the versions prior to it | V1.1.6300 build250331 (R2263) |
| DS-3WAP623E-SI | V1.1.5400 build240814 (E2254) and the versions prior to it | V1.1.6300 build250331 (R2263) |
| DS-3WAP521-SI | V1.1.5400 build240814 (E2254) and the versions prior to it | V1.1.6300 build250331 (R2263) |
| DS-3WAP522-SI | V1.1.5402 build241014 (E2254P02) and the versions prior to it | V1.1.6300 build250331 (R2263) |
| DS-3WAP621E-SI | V1.1.5400 build240814 (E2254) and the versions prior to it | V1.1.6300 build250331 (R2263) |
| DS-3WAP622E-SI | V1.1.5402 build241014 (E2254P02) and the versions prior to it | V1.1.6300 build250331 (R2263) |
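
The following is an added example, not Hikvision code: a Python check that classifies an access point inventory against the affected and resolved versions listed above. It assumes firmware strings follow the `V<major>.<minor>.<patch> build<YYMMDD>` form used in this advisory and that versions order numerically with the build number as tie-breaker; the hostnames and inventory rows are constructed.

```python
import re

# Thresholds copied from the advisory table: model -> (last affected, resolved).
# Ordering by (major, minor, patch, build) is an assumption of this example.
ADVISORY = {
    "DS-3WAP622G-SI": ("V1.1.5402 build241014", "V1.1.6300 build250331"),
    "DS-3WAP623E-SI": ("V1.1.5400 build240814", "V1.1.6300 build250331"),
    "DS-3WAP521-SI":  ("V1.1.5400 build240814", "V1.1.6300 build250331"),
    "DS-3WAP522-SI":  ("V1.1.5402 build241014", "V1.1.6300 build250331"),
    "DS-3WAP621E-SI": ("V1.1.5400 build240814", "V1.1.6300 build250331"),
    "DS-3WAP622E-SI": ("V1.1.5402 build241014", "V1.1.6300 build250331"),
}

_FW = re.compile(r"V(\d+)\.(\d+)\.(\d+)\s+build\s*(\d{6})", re.IGNORECASE)

def parse_firmware(text):
    """Return (major, minor, patch, build), or None if the string does not parse."""
    m = _FW.search(text or "")
    return tuple(int(g) for g in m.groups()) if m else None

def classify(model, firmware):
    """Classify one device against CVE-2025-39240 using the advisory table."""
    entry = ADVISORY.get(model.strip().upper())
    if entry is None:
        return "not-listed"      # model does not appear in this advisory
    fw = parse_firmware(firmware)
    if fw is None:
        return "unparseable"     # check the device manually
    last_affected, resolved = (parse_firmware(v) for v in entry)
    if fw <= last_affected:
        return "affected"
    if fw >= resolved:
        return "fixed"
    return "unconfirmed"         # between the two versions; advisory is silent

# Constructed sample inventory: (hostname, model, reported firmware string).
INVENTORY = [
    ("ap-lobby",  "DS-3WAP622G-SI", "V1.1.5402 build241014 (E2254P02)"),
    ("ap-floor2", "DS-3WAP521-SI",  "V1.1.6300 build250331 (R2263)"),
    ("ap-floor3", "DS-3WAP623E-SI", "V1.1.5402 build241014"),
    ("ap-dock",   "DS-3WAP621E-SI", "unknown"),
]

def report(inventory):
    return {host: classify(model, fw) for host, model, fw in inventory}

if __name__ == "__main__":
    for host, status in report(INVENTORY).items():
        print(f"{host}: {status}")
```

Devices reported as `unconfirmed` or `unparseable` run a build the table does not cover and should be verified by hand before being treated as fixed.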

Obtaining Fixed Version

Users can download the patch from the official Hikvision website.

 

Source of Vulnerability Information

The vulnerability was reported to Hikvision's HSRC (Hikvision Security Response Center) by independent security researcher exzettabyte.

 

Contact Us

To report any security issues or vulnerabilities in Hikvision products and solutions, please contact Hikvision Security Response Center at hsrc@hikvision.com.
