• Home
  • cyber
  • Hikvision: Hikvision Wireless Access Points Vulnerability Enables Malicious Command Execution
cyber Vulnerability

Hikvision: Hikvision Wireless Access Points Vulnerability Enables Malicious Command Execution

Jan 30, 2026 2 min read
Hikvision: Hikvision Wireless Access Points Vulnerability Enables Malicious Command Execution

High-Severity Command Execution Flaw Disclosed in Hikvision Wireless Access Points

A critical authenticated command execution vulnerability, tracked as CVE-2026-0709, has been identified in multiple Hikvision Wireless Access Point (WAP) models. The flaw, rated 7.2 (High) on the CVSS v3.1 scale, stems from insufficient input validation in device firmware, allowing attackers with valid credentials to execute arbitrary commands on affected systems.

The vulnerability enables threat actors to bypass security controls by sending maliciously crafted packets to the WAP after authentication. While exploitation requires valid credentials, the risk is heightened in environments where compromised accounts, stolen credentials, or insider threats exist. Successful exploitation could lead to full system compromise, granting attackers device-level privileges.

Affected Models & Remediation

The following Hikvision WAP models running firmware versions V1.1.6303 build250812 or earlier are vulnerable:

  • DS-3WAP521-SI
  • DS-3WAP522-SI
  • DS-3WAP621E-SI
  • DS-3WAP622E-SI
  • DS-3WAP623E-SI
  • DS-3WAP622G-SI

Hikvision has released patched firmware (V1.1.6601 build 251223) to address the flaw. The vulnerability was reported on January 30, 2026, by independent researcher exzettabyte.

Mitigation & Impact

Organizations deploying affected models should immediately update to the latest firmware to prevent exploitation. For those unable to patch immediately, network segmentation, strict access controls, and credential rotation are recommended as interim measures. Monitoring authentication logs for suspicious activity can also help detect potential breaches.

Hikvision’s Hardware Security Response Center (HSRC) continues to monitor threats and encourages vulnerability disclosures via hsrc@hikvision.com. Official support channels are available for further inquiries.

Source: https://cybersecuritynews.com/hikvision-wireless-access-points-vulnerability/

Hikvision cybersecurity rating report: https://www.rankiteo.com/company/hikvision

"id": "HIK1770108920",
"linkid": "hikvision",
"type": "Vulnerability",
"date": "1/2026",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'industry': 'Surveillance and Security Solutions',
                        'name': 'Hikvision',
                        'type': 'Technology Manufacturer'}],
 'attack_vector': 'Authenticated Remote Exploitation',
 'date_detected': '2026-01-30',
 'date_publicly_disclosed': '2026-01-30',
 'description': 'A critical authenticated command execution vulnerability, '
                'tracked as CVE-2026-0709, has been identified in multiple '
                'Hikvision Wireless Access Point (WAP) models. The flaw, rated '
                '7.2 (High) on the CVSS v3.1 scale, stems from insufficient '
                'input validation in device firmware, allowing attackers with '
                'valid credentials to execute arbitrary commands on affected '
                'systems. The vulnerability enables threat actors to bypass '
                'security controls by sending maliciously crafted packets to '
                'the WAP after authentication. Successful exploitation could '
                'lead to full system compromise, granting attackers '
                'device-level privileges.',
 'impact': {'operational_impact': 'Potential device-level privilege escalation',
            'systems_affected': 'Full system compromise possible'},
 'post_incident_analysis': {'corrective_actions': 'Firmware patch released '
                                                  '(V1.1.6601 build 251223)',
                            'root_causes': 'Insufficient input validation in '
                                           'device firmware'},
 'recommendations': 'Immediately update to the latest firmware, implement '
                    'network segmentation, enforce strict access controls, '
                    'rotate credentials, and monitor authentication logs for '
                    'suspicious activity.',
 'references': [{'source': 'Independent Researcher (exzettabyte)'},
                {'source': 'Hikvision Hardware Security Response Center '
                           '(HSRC)'}],
 'response': {'containment_measures': 'Network segmentation, strict access '
                                      'controls, credential rotation',
              'enhanced_monitoring': 'Monitoring authentication logs for '
                                     'suspicious activity',
              'network_segmentation': 'Recommended as interim measure',
              'remediation_measures': 'Firmware update to V1.1.6601 build '
                                      '251223'},
 'title': 'High-Severity Command Execution Flaw Disclosed in Hikvision '
          'Wireless Access Points',
 'type': 'Command Execution Vulnerability',
 'vulnerability_exploited': 'CVE-2026-0709 (Insufficient Input Validation)'}
Published by
Jeremy C
Jeremy C
You might also like
Great! Next, complete checkout for full access to Rankiteo Blog.
Welcome back! You've successfully signed in.
You've successfully subscribed to Rankiteo Blog.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.