EIP-2026-119675

PRE-CVE

Hikvision IP Camera versions 5.2.0 - 5.3.9 (Builds 140721 < 170109) - Access Control Bypass

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-119675. PoCs published by Matamorphosis.

AI-analyzed exploit summary This exploit leverages a backdoor in Hikvision IP Camera firmware versions 5.2.0 to 5.3.9 to reset user passwords by sending crafted XML requests to the Security/users endpoint with a hardcoded authentication key. It demonstrates an authentication bypass vulnerability (ICSA-17-124-01).

Description

Hikvision IP Camera versions 5.2.0 - 5.3.9 (Builds 140721 < 170109) - Access Control Bypass

Exploits (1)

exploitdb WORKING POC

by Matamorphosis · pythonwebappsxml

https://www.exploit-db.com/exploits/44328

View Code ZIP pw:eip

This exploit leverages a backdoor in Hikvision IP Camera firmware versions 5.2.0 to 5.3.9 to reset user passwords by sending crafted XML requests to the Security/users endpoint with a hardcoded authentication key. It demonstrates an authentication bypass vulnerability (ICSA-17-124-01).

Classification

Working Poc 95%

Attack Type

Auth Bypass

Complexity

Trivial

Reliability

Reliable

Target: Hikvision IP Camera firmware versions 5.2.0 - 5.3.9 (Builds: 140721 - 170109)

No auth needed

Prerequisites: Network access to the target camera · Knowledge of the target IP address and port

MITRE ATT&CK

T1110 - Brute Force T1078 - Valid Accounts

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026