Summary

| Metric | Value |
|---|---|
| CVEs | 7 |
| Critical | 1 |
| High | 6 |
| KEV | 0 |
| PoC | 0 |
| Unpatched (Critical/High) | 7 |
| Patch Rate | 0.0% |
| Avg EPSS | 0.6% |
Severity Breakdown

| Severity | Count |
|---|---|
| CRITICAL | 1 |
| HIGH | 6 |
| MEDIUM | 0 |
| LOW | 0 |
Monthly CVE Trend (chart; no data values recovered)
Affected Products (30)

| Product | CVEs |
|---|---|
| Stack Overflow | 2 |
| Java | 1 |
| Ds K5033 Firmware | 1 |
| Ds K1t6qt F43 Firmware | 1 |
| Ds K1t510 Firmware | 1 |
| Ds K1t341a Firmware | 1 |
| PHP | 1 |
| Ds K1t804a Firmware | 1 |
| Ds K1t8005 Firmware | 1 |
| Ds K1t344 Firmware | 1 |
| Ds K1t6qt F72 Firmware | 1 |
| Ds K1t808 Firmware | 1 |
| Ds K1t321 Firmware | 1 |
| Ds K1t320 Firmware | 1 |
| Command Injection | 1 |
| Ds K1t341b Firmware | 1 |
| Ds K1t804b Firmware | 1 |
| Ds K1t342 Firmware | 1 |
| Ds K1t341c Firmware | 1 |
| Ds K1t331 Firmware | 1 |
| Ds K1t201a Firmware | 1 |
| Ds K5671 Firmware | 1 |
| Ds K1t671 Firmware | 1 |
| Deserialization | 1 |
| Ds K1t8003 Firmware | 1 |
| Ds K1t343 Firmware | 1 |
| Ds K1t323 Firmware | 1 |
| Ds K1t680 Firmware | 1 |
| Ds K1t981 Firmware | 1 |
| Ds K1t673 Firmware | 1 |
Top Risky CVEs
| CVE | Summary | Severity | CVSS | EPSS | Priority | Signals |
|---|---|---|---|---|---|---|
| CVE-2025-34067 | An unauthenticated remote command execution vulnerability exists in the applyCT component of the Hikvision Integrated Security Management Platform due to the use of a vulnerable version of the Fastjson library. The endpoint /bic/ssoService/v1/applyCT deserializes untrusted user input, allowing an attacker to trigger Fastjson's auto-type feature to load arbitrary Java classes. By referencing a malicious class via an LDAP URL, an attacker can achieve remote code execution on the underlying system. Exploitation evidence was observed by the Shadowserver Foundation on 2025-02-05 UTC. | CRITICAL | 10.0 | 2.7% | 53 | No patch |
| CVE-2025-34058 | Hikvision Streaming Media Management Server v2.3.5 uses default credentials that allow remote attackers to authenticate and access restricted functionality. After authenticating with these credentials, an attacker can exploit an arbitrary file read vulnerability in the /systemLog/downFile.php endpoint via directory traversal in the fileName parameter. This exploit chain can enable unauthorized access to sensitive system files. | HIGH | 8.7 | 1.2% | 45 | No patch |
| CVE-2025-66177 | There is a stack overflow vulnerability in the device Search and Discovery feature of Hikvision NVR/DVR/CVR/IPC models. If exploited, an attacker on the same local area network (LAN) could cause the device to malfunction by sending specially crafted packets to an unpatched device. [CVSS 8.8 HIGH] | HIGH | 8.8 | 0.0% | 44 | No patch |
| CVE-2025-66176 | There is a stack overflow vulnerability in the device Search and Discovery feature of Hikvision Access Control Products. If exploited, an attacker on the same local area network (LAN) could cause the device to malfunction by sending specially crafted packets to an unpatched device. [CVSS 8.8 HIGH] | HIGH | 8.8 | 0.0% | 44 | No patch |
| CVE-2025-45851 | An issue in Hikvision DS-2CD1321-I V5.7.21 build 230819 allows attackers to cause a Denial of Service (DoS) by sending a crafted POST request to the endpoint /ISAPI/Security/challenge. The vendor has stated that upgrading to V5.7.23_SP2 fixes the issue. | HIGH | 7.5 | 0.1% | 38 | No patch |
| CVE-2025-39240 | CVE-2025-39240 is an authenticated remote command execution vulnerability in Hikvision Wireless Access Points caused by insufficient input validation in packet handling. Attackers with valid credentials can send crafted packets to execute arbitrary commands on affected devices, potentially achieving full system compromise. The vulnerability has a CVSS 7.2 score reflecting high confidentiality, integrity, and availability impact, though it requires valid authentication credentials to exploit. | HIGH | 7.2 | 0.2% | 36 | No patch |
| CVE-2026-0709 | Authenticated command injection in Hikvision Wireless Access Points allows credential-holding attackers to execute arbitrary commands through insufficient input validation on network packets. The vulnerability affects all users of vulnerable Hikvision WAP models with valid account access and currently lacks available patches. With a CVSS score of 7.2, this poses a significant risk for environments where administrative credentials may be compromised or shared. | HIGH | 7.2 | 0.0% | 36 | No patch |