Description
Some Hikvision switch products (discontinued since December 2023) are vulnerable to authenticated remote command execution due to insufficient input validation. Attackers with valid credentials can exploit this flaw by sending crafted packets containing malicious commands to affected devices, leading to arbitrary command execution.
Published: 2026-05-09
Score: 7.2 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A flaw in certain Hikvision switch devices permits authenticated users to execute arbitrary system commands. The vulnerability stems from inadequate validation of command payloads that are accepted over the network. If an attacker can supply crafted packets, they can execute arbitrary commands with the privileges of the system account used for authentication, leading to full compromise of the device.

Affected Systems

The affected products are the Hikvision DS-3E1310P-SI, DS-3E1318P-SI, and DS-3E1326P-SI switches. These models were discontinued in December 2023 and are no longer supported; no specific firmware or software version ranges are provided by the advisory.

Risk and Exploitability

The CVSS score of 7.2 corresponds to High severity. Exploitation requires valid credentials (the vector lists PR:H), but once authenticated the attacker can execute arbitrary commands. The EPSS score is below 1% and the vulnerability is not listed in the CISA KEV catalog, so there is no current evidence of widespread exploitation. The attack vector is remote over the network (AV:N), and the flaw is a classic command-injection weakness (CWE-77) rooted in improper input validation (CWE-20).

Generated by OpenCVE AI on May 9, 2026 at 10:50 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply any vendor‑issued firmware upgrade that eliminates the input validation issue
  • If no patch is available, restrict network exposure by placing the device behind a strict firewall and permitting only trusted management IPs
  • Disable or remove unused remote management services such as Telnet, SSH, or RDP that provide the authenticated channel

Generated by OpenCVE AI on May 9, 2026 at 10:50 UTC.

Advisories

No advisories yet.

History

Sat, 09 May 2026 11:15:00 +0000

Type         Values Removed   Values Added
Title        (none)           Authenticated Remote Command Execution Vulnerability in Hikvision Switches
Weaknesses   (none)           CWE-20, CWE-77

Sat, 09 May 2026 09:00:00 +0000

Type         Values Removed   Values Added
Description  (none)           Some Hikvision switch products (discontinued since December 2023) are vulnerable to authenticated remote command execution due to insufficient input validation. Attackers with valid credentials can exploit this flaw by sending crafted packets containing malicious commands to affected devices, leading to arbitrary command execution.
References   (none)           (none)
Metrics      (none)           cvssV3_1: {'score': 7.2, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H'}


Subscriptions

No data.

MITRE

Status: PUBLISHED

Assigner: hikvision

Published:

Updated: 2026-05-09T08:27:55.964Z

Reserved: 2026-03-09T09:20:38.428Z

Link: CVE-2026-3828

Vulnrichment

No data.

NVD

Status: Received

Published: 2026-05-09T09:16:09.107

Modified: 2026-05-09T09:16:09.107

Link: CVE-2026-3828

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-09T11:00:07Z

Weaknesses