Skip to main content

Hikvision

Vendor security scorecard – 2 CVEs in the selected period

Period: 30d 90d 6m 1y All
Risk 8
2
CVEs
0
Critical
2
High
0
KEV
0
PoC
2
Unpatched C/H
0.0%
Patch Rate
0.0%
Avg EPSS

Severity Breakdown

CRITICAL
0
HIGH
2
MEDIUM
0
LOW
0

Monthly CVE Trend

Top Risky CVEs

CVE Summary Severity CVSS EPSS Priority Signals
CVE-2026-3828 Authenticated remote command execution in discontinued Hikvision DS-3E series switches (DS-3E1310P-SI, DS-3E1318P-SI, DS-3E1326P-SI) allows high-privilege users to execute arbitrary operating system commands by sending specially crafted network packets with malicious payloads due to insufficient input validation. The vulnerability carries a CVSS score of 7.2 with network attack vector and low complexity, though exploitation requires high-privilege credentials. Products were discontinued in December 2023, suggesting limited patch support and potential long-term exposure for deployed devices. HIGH 7.2 0.0% 36
No patch
CVE-2026-0709 Authenticated command injection in Hikvision Wireless Access Points allows credential-holding attackers to execute arbitrary commands through insufficient input validation on network packets. The vulnerability affects all users of vulnerable Hikvision WAP models with valid account access and currently lacks available patches. With a CVSS score of 7.2, this poses a significant risk for environments where administrative credentials may be compromised or shared. HIGH 7.2 0.0% 36
No patch

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy