Severity by source
AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
3DescriptionCVE.org
Some Hikvision Wireless Access Point are vulnerable to authenticated remote command execution due to insufficient input validation. Attackers with valid credentials can exploit this flaw by sending crafted packets containing malicious commands to affected devices, leading to arbitrary command execution.
AnalysisAI
CVE-2025-39240 is an authenticated remote command execution vulnerability in Hikvision Wireless Access Points caused by insufficient input validation in packet handling. Attackers with valid credentials can send crafted packets to execute arbitrary commands on affected devices, potentially achieving full system compromise. The vulnerability has a CVSS 7.2 score reflecting high confidentiality, integrity, and availability impact, though it requires valid authentication credentials to exploit.
Technical ContextAI
This vulnerability resides in Hikvision Wireless Access Point firmware and affects the command processing pipeline. The root cause is CWE-78 (Improper Neutralization of Special Elements used in an OS Command), indicating that user-supplied input from authenticated API/packet handlers is passed unsanitized to OS command execution functions (likely via system() or equivalent calls). The vulnerability exists in network-facing services that accept authenticated connections, processing malformed packets without proper input validation or sanitization. Affected CPE pattern: cpe:2.3:a:hikvision:wireless_access_point:*:*:*:*:*:*:*:* (specific version ranges to be determined from vendor advisory). The attack surface includes device management interfaces, API endpoints, or protocol handlers that parse incoming packets from authenticated users.
RemediationAI
Immediate Actions: (1) Apply firmware patches released by Hikvision (version numbers to be provided in official advisory; monitor Hikvision support portal and CISA alerts). (2) Restrict network access to WAP management interfaces using firewall rules—limit to trusted administrative subnets only. (3) Enforce strong authentication: disable default credentials, enforce complex passwords, and implement multi-factor authentication on device APIs if available. (4) Monitor device logs for suspicious authenticated API calls or command patterns. (5) Segment wireless infrastructure from critical systems. Workarounds (pre-patch): (a) Disable remote management features if not required (CLI/API). (b) Use VPN or bastion hosts for all device administration. (c) Implement rate limiting and IDS signatures for malformed packet detection. (d) Audit user accounts and revoke unnecessary privileges. Long-term: Subscribe to Hikvision security bulletins, establish patch management procedures for network infrastructure, and conduct periodic privilege access reviews.
An Improper Authentication issue was discovered in Hikvision DS-2CD2xx2F-I Series V5.2.0 build 140721 to V5.4.0 build 16
Buffer overflow in Hikvision DVR DS-7204 Firmware 2.2.10 build 131009, and other models and versions, allows remote atta
Buffer overflow in the RTSP Packet Handler in Hikvision DS-2CD7153-E IP camera with firmware 4.1.0 b130111 (Jan 2013), a
A command injection vulnerability in the web server of some Hikvision product. Rated critical severity (CVSS 9.8), this
A vulnerability was found in Hikvision Intercom Broadcasting System 3.0.3_20201113_RELEASE(HIK). Rated critical severity
The web module in some Hikvision Hybrid SAN/Cluster Storage products have the following security vulnerability. Rated cr
A vulnerability was found in Hikvision Intercom Broadcasting System 3.0.3_20201113_RELEASE(HIK) and classified as proble
An unauthenticated remote command execution vulnerability exists in the applyCT component of the Hikvision Integrated Se
A vulnerability was found in Hikvision Intercom Broadcasting System 3.0.3_20201113_RELEASE(HIK). Rated medium severity (
Some Hikvision Hybrid SAN/Cluster Storage products have an access control vulnerability which can be used to obtain the
The web server of some Hikvision wireless bridge products have an access control vulnerability which can be used to obta
A buffer overflow vulnerability in the web server of some Hikvision IP Cameras allows an attacker to send a specially cr
Same weakness CWE-78 – OS Command Injection
View allSame technique Command Injection
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2025-18247