4
CVEs
0
Critical
4
High
0
KEV
0
PoC
4
Unpatched C/H
0.0%
Patch Rate
0.0%
Avg EPSS
Severity Breakdown
CRITICAL
0
HIGH
4
MEDIUM
0
LOW
0
Monthly CVE Trend
Affected Products (30)
Ds K1t105a Firmware
1
Ds K1t201a Firmware
1
Ds K1t320 Firmware
1
Ds K1t321 Firmware
1
Ds K1t323 Firmware
1
Ds K1t331 Firmware
1
Ds K1t341a Firmware
1
Ds K1t341b Firmware
1
Ds K1t341c Firmware
1
Ds K1t342 Firmware
1
Ds K1t343 Firmware
1
Ds K1t344 Firmware
1
Ds K1t510 Firmware
1
Ds K1t670 Firmware
1
Ds K1t671 Firmware
1
Ds K1t672 Firmware
1
Ds K1t673 Firmware
1
Ds K1t680 Firmware
1
Ds K1t6qt F43 Firmware
1
Ds K1t6qt F72 Firmware
1
Ds K1t8003 Firmware
1
Ds K1t8005 Firmware
1
Ds K1t804a Firmware
1
Ds K1t804b Firmware
1
Ds K1t808 Firmware
1
Ds K1t981 Firmware
1
Ds K5033 Firmware
1
Ds K5671 Firmware
1
Java
1
PHP
1
Top Risky CVEs
| CVE | Summary | Severity | CVSS | EPSS | Priority | Signals |
|---|---|---|---|---|---|---|
| CVE-2025-66177 | There is a Stack overflow Vulnerability in the device Search and Discovery feature of Hikvision NVR/DVR/CVR/IPC models. If exploited, an attacker on the same local area network (LAN) could cause the device to malfunction by sending specially crafted packets to an unpatched device. [CVSS 8.8 HIGH] | HIGH | 8.8 | 0.0% | 44 |
No patch
|
| CVE-2025-66176 | There is a Stack overflow Vulnerability in the device Search and Discovery feature of Hikvision Access Control Products. If exploited, an attacker on the same local area network (LAN) could cause the device to malfunction by sending specially crafted packets to an unpatched device. [CVSS 8.8 HIGH] | HIGH | 8.8 | 0.0% | 44 |
No patch
|
| CVE-2026-3828 | Authenticated remote command execution in discontinued Hikvision DS-3E series switches (DS-3E1310P-SI, DS-3E1318P-SI, DS-3E1326P-SI) allows high-privilege users to execute arbitrary operating system commands by sending specially crafted network packets with malicious payloads due to insufficient input validation. The vulnerability carries a CVSS score of 7.2 with network attack vector and low complexity, though exploitation requires high-privilege credentials. Products were discontinued in December 2023, suggesting limited patch support and potential long-term exposure for deployed devices. | HIGH | 7.2 | 0.0% | 36 |
No patch
|
| CVE-2026-0709 | Authenticated command injection in Hikvision Wireless Access Points allows credential-holding attackers to execute arbitrary commands through insufficient input validation on network packets. The vulnerability affects all users of vulnerable Hikvision WAP models with valid account access and currently lacks available patches. With a CVSS score of 7.2, this poses a significant risk for environments where administrative credentials may be compromised or shared. | HIGH | 7.2 | 0.0% | 36 |
No patch
|