4
CVEs
0
Critical
4
High
0
KEV
0
PoC
4
Unpatched C/H
0.0%
Patch Rate
0.0%
Avg EPSS
Severity Breakdown
CRITICAL
0
HIGH
4
MEDIUM
0
LOW
0
Monthly CVE Trend
Affected Products (30)
Ds 76Xxx Series Firmware
3
Intercom Broadcast System
3
Ds A72024 Firmware
3
Ds A71024 Firmware
3
Ds A82024D Firmware
3
Ds A81016S Firmware
3
Ds A72072R Firmware
3
Ds A80316S Firmware
3
PHP
3
Ds A71048R Cvs Firmware
3
Ds A80624S Firmware
3
Ds A71048 Firmware
3
Ds 77Xxx Series Firmware
3
Ds A71072R Firmware
3
Ds A72048R Cvs Firmware
2
Ds 2Cd3686G2 Izs Firmware
1
Ds 2Xe6242F Is 316L B Firmware
1
Ds K1t670 Firmware
1
Ds K1t804a Firmware
1
Ids 2Sk8144Ixs D J Firmware
1
Ids 2Sk718Mxs D Firmware
1
Ds 2Cd3323G2 Iu Firmware
1
Ds 2Cd2163G2 Iu Firmware
1
Dvr Ds 7204 Firmware
1
Ds 2Td4136T 9 Firmware
1
Ds K5671 Firmware
1
Ds 2Cd3526G2 Is Firmware
1
Ds 2Cd2332 I Firmware
1
Ds K1t8003 Firmware
1
Ds 2Cd2623G2 Izs Firmware
1
Top Risky CVEs
| CVE | Summary | Severity | CVSS | EPSS | Priority | Signals |
|---|---|---|---|---|---|---|
| CVE-2025-66177 | There is a Stack overflow Vulnerability in the device Search and Discovery feature of Hikvision NVR/DVR/CVR/IPC models. If exploited, an attacker on the same local area network (LAN) could cause the device to malfunction by sending specially crafted packets to an unpatched device. [CVSS 8.8 HIGH] | HIGH | 8.8 | 0.0% | 44 |
No patch
|
| CVE-2025-66176 | There is a Stack overflow Vulnerability in the device Search and Discovery feature of Hikvision Access Control Products. If exploited, an attacker on the same local area network (LAN) could cause the device to malfunction by sending specially crafted packets to an unpatched device. [CVSS 8.8 HIGH] | HIGH | 8.8 | 0.0% | 44 |
No patch
|
| CVE-2026-3828 | Authenticated remote command execution in discontinued Hikvision DS-3E series switches (DS-3E1310P-SI, DS-3E1318P-SI, DS-3E1326P-SI) allows high-privilege users to execute arbitrary operating system commands by sending specially crafted network packets with malicious payloads due to insufficient input validation. The vulnerability carries a CVSS score of 7.2 with network attack vector and low complexity, though exploitation requires high-privilege credentials. Products were discontinued in December 2023, suggesting limited patch support and potential long-term exposure for deployed devices. | HIGH | 7.2 | 0.0% | 36 |
No patch
|
| CVE-2026-0709 | Authenticated command injection in Hikvision Wireless Access Points allows credential-holding attackers to execute arbitrary commands through insufficient input validation on network packets. The vulnerability affects all users of vulnerable Hikvision WAP models with valid account access and currently lacks available patches. With a CVSS score of 7.2, this poses a significant risk for environments where administrative credentials may be compromised or shared. | HIGH | 7.2 | 0.0% | 36 |
No patch
|