Severity by source
AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
2DescriptionCVE.org
Some Hikvision switch products (discontinued since December 2023) are vulnerable to authenticated remote command execution due to insufficient input validation. Attackers with valid credentials can exploit this flaw by sending crafted packets containing malicious commands to affected devices, leading to arbitrary command execution.
AnalysisAI
Authenticated remote command execution in discontinued Hikvision DS-3E series switches (DS-3E1310P-SI, DS-3E1318P-SI, DS-3E1326P-SI) allows high-privilege users to execute arbitrary operating system commands by sending specially crafted network packets with malicious payloads due to insufficient input validation. The vulnerability carries a CVSS score of 7.2 with network attack vector and low complexity, though exploitation requires high-privilege credentials. Products were discontinued in December 2023, suggesting limited patch support and potential long-term exposure for deployed devices.
Technical ContextAI
This vulnerability affects Hikvision's DS-3E series managed PoE switches, specifically models DS-3E1310P-SI (10-port), DS-3E1318P-SI (18-port), and DS-3E1326P-SI (26-port). The flaw stems from insufficient input validation in the switch management interface or protocol handlers that process network packets from authenticated administrative users. When the device receives crafted packets containing embedded operating system commands, the switch fails to properly sanitize or validate the input before passing it to system-level execution functions. This represents a classic injection vulnerability where untrusted data crosses a trust boundary into a privileged execution context. The affected switches run embedded firmware with administrative interfaces for device management, and the vulnerability likely resides in web management, CLI, or SNMP handling functions that accept user-supplied parameters without adequate bounds checking or command filtering.
RemediationAI
Consult Hikvision's official security advisory at https://www.hikvision.com/en/support/cybersecurity/security-advisory/command-execution-vulnerability-in-some-hikvision-switch-product/ for patch availability and specific remediation guidance, though patch support may be limited given the December 2023 product discontinuation. Primary recommendation is device replacement with currently supported switch models that receive active security updates. If immediate replacement is not feasible, implement strict network segmentation to isolate affected switches on dedicated management VLANs inaccessible from user networks or the internet, which limits exposure to trusted administrators only but does not eliminate insider threat risk. Enforce strong authentication controls including multi-factor authentication for all administrative access, implement principle of least privilege by restricting admin account distribution to essential personnel only, enable comprehensive logging of all administrative sessions with real-time monitoring for suspicious command execution patterns, and disable unnecessary management protocols (web interface, Telnet, SNMP if not required) to reduce attack surface, though this may limit operational flexibility for legitimate administration. Deploy network access control (NAC) or 802.1X port authentication to verify connected devices and further restrict unauthorized network access. These compensating controls reduce but do not eliminate risk, making device replacement the only definitive long-term solution for discontinued products without patch support.
An Improper Authentication issue was discovered in Hikvision DS-2CD2xx2F-I Series V5.2.0 build 140721 to V5.4.0 build 16
Buffer overflow in Hikvision DVR DS-7204 Firmware 2.2.10 build 131009, and other models and versions, allows remote atta
Buffer overflow in the RTSP Packet Handler in Hikvision DS-2CD7153-E IP camera with firmware 4.1.0 b130111 (Jan 2013), a
A command injection vulnerability in the web server of some Hikvision product. Rated critical severity (CVSS 9.8), this
A vulnerability was found in Hikvision Intercom Broadcasting System 3.0.3_20201113_RELEASE(HIK). Rated critical severity
The web module in some Hikvision Hybrid SAN/Cluster Storage products have the following security vulnerability. Rated cr
A vulnerability was found in Hikvision Intercom Broadcasting System 3.0.3_20201113_RELEASE(HIK) and classified as proble
An unauthenticated remote command execution vulnerability exists in the applyCT component of the Hikvision Integrated Se
A vulnerability was found in Hikvision Intercom Broadcasting System 3.0.3_20201113_RELEASE(HIK). Rated medium severity (
Some Hikvision Hybrid SAN/Cluster Storage products have an access control vulnerability which can be used to obtain the
The web server of some Hikvision wireless bridge products have an access control vulnerability which can be used to obta
A buffer overflow vulnerability in the web server of some Hikvision IP Cameras allows an attacker to send a specially cr
Same weakness CWE-78 – OS Command Injection
View allSame technique Command Injection
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-28908
GHSA-q7wq-j9rx-47m6