CVE-2026-22623

HIGH
2026-01-30 [email protected]
7.2
CVSS 3.1
Share

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

2
Analysis Generated
Mar 12, 2026 - 22:00 vuln.today
CVE Published
Jan 30, 2026 - 11:15 nvd
HIGH 7.2

Tags

Command Injection RCE

Description

Due to insufficient input parameter validation on the interface, authenticated users of certain HIKSEMI NAS products can execute arbitrary commands on the device by crafting specific messages.

Analysis

Authenticated command injection in HIKSEMI NAS devices allows privileged users to execute arbitrary commands through improper input validation on the device interface. Attackers with valid credentials can craft malicious messages to achieve unauthenticated code execution on affected systems. …

Sign in for full analysis, threat intelligence, and remediation guidance.

Remediation

Within 24 hours: Identify all HIKSEMI NAS devices in your environment and document which models/versions are affected. Within 7 days: Implement network segmentation to restrict NAS access to only authorized users and systems; enable audit logging for all NAS administrative activities. …

Sign in for detailed remediation steps.

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Sign in - Free

Priority Score

36
Low Medium High Critical
KEV: 0
EPSS: +0.0
CVSS: +36
POC: 0

Share

CVE-2026-22623 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy