CVE-2026-0709

HIGH

Hikvision Wireless AP - Command Injection

Title source: llm

Description

Some Hikvision Wireless Access Points are vulnerable to authenticated command execution due to insufficient input validation. Attackers with valid credentials can exploit this flaw by sending crafted packets containing malicious commands to affected devices, leading to arbitrary command execution.

Exploits (2)

github STUB 10 stars

by XiaomingX · pythonpoc

https://github.com/XiaomingX/data-cve-poc-py-v1/tree/main/2026/CVE-2026-0709

View Code ZIP pw:eip

nomisec STUB

by SnipersMaster · poc

https://github.com/SnipersMaster/CVE-2026-0709

View Code ZIP pw:eip

References (1)

[Various Sources] https://www.hikvision.com/en/support/cybersecurity/security-advisory/command-execution-vulnerability-in-some-hikvision-wireless-access-point-products/

Scores

CVSS v3 7.2

EPSS 0.0002

EPSS Percentile 4.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-78

Status published

Products (6)

Hikvision/DS-3WAP521-SI V1.1.6303 build250812 and earlier

Hikvision/DS-3WAP522-SI V1.1.6303 build250812 and earlier

Hikvision/DS-3WAP621E-SI V1.1.6303 build250812 and earlier

Hikvision/DS-3WAP622E-SI V1.1.6303 build250812 and earlier

Hikvision/DS-3WAP622G-SI V1.1.6303 build250812 and earlier

Hikvision/DS-3WAP623E-SI V1.1.6303 build250812 and earlier

Published Jan 30, 2026

Tracked Since Feb 18, 2026