Skip to main content

HIKSEMI NAS CVE-2026-22625

MEDIUM
Path Traversal (CWE-22)
2026-01-30 hsrc@hikvision.com
4.6
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
4.6 MEDIUM
AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Physical
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

2
Analysis Generated
Mar 12, 2026 - 22:00 vuln.today
CVE Published
Jan 30, 2026 - 11:15 nvd
MEDIUM 4.6

DescriptionCVE.org

Improper handling of filenames in certain HIKSEMI NAS products may lead to the exposure of sensitive system files.

AnalysisAI

HIKSEMI NAS devices improperly validate filenames, allowing attackers with physical access to traverse directory structures and read sensitive system files. This vulnerability affects confidentiality but requires local presence and no authentication, making it a risk primarily in physically accessible environments. No patch is currently available for this issue.

Technical ContextAI

Classified as CWE-22 (Path Traversal). Improper handling of filenames in certain HIKSEMI NAS products may lead to the exposure of sensitive system files.

Affected ProductsAI

Improper handling of filenames in certain HIKSEMI NAS products may lead to the exposure of sensitive system files.

RemediationAI

Monitor vendor advisories for a patch. Validate and sanitize file path inputs. Use allowlists.

Share

CVE-2026-22625 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy