Global - EN
Command Execution Vulnerability in Some Hikvision Wireless Access Point Products
SN No.:HSRC-202601-02
Edit:Hikvision Security Response Center (HSRC)
Initial Release Date:2026-01-30
Summary
(1) Some Hikvision Wireless Access Points are vulnerable to authenticated command execution due to insufficient input validation. Attackers with valid credentials can exploit this flaw by sending crafted packets containing malicious commands to affected devices, leading to arbitrary command execution.
CVE ID
CVE-2026-0709
Scoring
CVSS v3.1 is adopted in this vulnerability scoring. (http://www.first.org/cvss/specification-document)
Base score: 7.2 (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)
Affected versions and fix
Product Model |
Affected Version |
Resolved Version |
DS-3WAP521-SI |
V1.1.6303 build250812 and earlier |
V1.1.6601 build251223 |
DS-3WAP522-SI |
V1.1.6303 build250812 and earlier |
V1.1.6601 build251223 |
DS-3WAP621E-SI |
V1.1.6303 build250812 and earlier |
V1.1.6601 build251223 |
DS-3WAP622E-SI |
V1.1.6303 build250812 and earlier |
V1.1.6601 build251223 |
DS-3WAP623E-SI |
V1.1.6303 build250812 and earlier |
V1.1.6601 build251223 |
DS-3WAP622G-SI |
V1.1.6303 build250812 and earlier |
V1.1.6601 build251223 |
Obtaining Fixed Version
Users can download the patch on the Hikvision official website.
Source of Vulnerability Information
The vulnerability was reported to Hikvision's HSRC (Hikvision Security Response Center) by independent security researcher exzettabyte.
Contact Us
To report any security issues or vulnerabilities in Hikvision products and solutions, please contact Hikvision Security Response Center at hsrc@hikvision.com.
Disclaimer
This document is provided on an "AS IS" basis and does not imply any kind of guarantee or warranty, either express or implied, including the warranties of merchantability or fitness for a particular purpose. In no event shall Hikvision or any of its directly or indirectly controlled subsidiaries or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages. Your use of the document, by whatsoever means, will be totally at your own risk. Hikvision is entitled to amend or update this document from time to time.
Hikvision.com uses strictly necessary cookies and related technologies to enable the website to function. With your consent, we would also like to use cookies to observe and analyse traffic levels and other metrics / show you targeted advertising / show you advertising on the basis of your location / tailor our website's content. For more information on cookie practices please refer to our cookie policy.
