Skip to main content

H.View HV-500S6 EUVDEUVD-2026-39927

| CVE-2026-56414 HIGH
Unrestricted Upload of File with Dangerous Type (CWE-434)
2026-06-26 icscert GHSA-65q4-rvjr-c9r5
8.6
CVSS 4.0 · Vendor: icscert
Share

Severity by source

Vendor (icscert) PRIMARY
8.6 HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
5.5 MEDIUM

Network-reachable admin upload with no user interaction (AV:N/AC:L/UI:N) but requires high-privilege auth (PR:H); core impact is file/certificate integrity (I:H) with possible service disruption (A:L) and no clear data disclosure (C:N).

3.1 AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:L
4.0 AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N

Primary rating from Vendor (icscert).

CVSS VectorVendor: icscert

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
X

Lifecycle Timeline

3
CVE Published
Jun 26, 2026 - 23:33 cve.org
HIGH 8.6
Analysis Generated
Jun 26, 2026 - 23:31 vuln.today
CVSS changed
Jun 26, 2026 - 23:22 NVD
7.2 (HIGH) 8.6 (HIGH)

DescriptionCVE.org

A vulnerability exists in H.View IP cameras certificate-related upload interfaces allow authenticated users to store arbitrary file content to fixed, persistent filesystem locations without validating file type, structure, or size. This design omission enables the placement of unexpected or malformed data in locations intended for trusted certificate material, which could affect system integrity or behavior even after reboot.

AnalysisAI

Arbitrary file upload in H.View HV-500S6 IP cameras lets an authenticated, high-privilege user (per CVSS PR:H) write unvalidated content to fixed, persistent filesystem paths reserved for trusted TLS certificate material, with no checks on file type, structure, or size. Because the planted data survives reboot, an attacker can corrupt or replace certificate stores to undermine device integrity, availability, and trust. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Obtain admin credentials to camera UI
Delivery
Reach certificate upload endpoint over network
Exploit
Upload unvalidated malformed file to fixed cert path
Execution
File persists to filesystem
Persist
Device reloads tampered certificate on reboot
Impact
Integrity/availability of TLS services degraded

Vulnerability AssessmentAI

Exploitation Exploitation requires an authenticated session with high privileges (CVSS PR:H) - typically an administrative account able to reach the certificate-related upload interfaces - and network access to the camera's management web service (AV:N). … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment Signals are mixed. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker who has obtained administrator credentials (via reuse, default passwords, or a separate auth bypass) logs into the camera's web interface and uses the certificate upload feature to push a malformed or oversized file into the fixed certificate path instead of a valid PEM. On reboot the device loads the corrupted certificate slot, disrupting TLS services or device behavior in a way that survives restarts; no public POC is currently known.
Remediation No vendor-released patch version was identified at time of analysis; the only vendor reference is a contact page (https://hviewsmart.com/pages/contact-us), so consult CISA advisory ICSA-26-176-05 (https://www.cisa.gov/news-events/ics-advisories/icsa-26-176-05) and contact H.View for updated firmware before deploying. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

EUVD-2026-39927 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy