hikvision

Top products

The 15 most recently published vulnerabilities affecting hikvision.

• CVE-2026-32684The application does not impose strict enough restrictions on directory access permissions, posing a risk that other malicious applications could obtain sensitive information.2.9May 12, 2026
• CVE-2026-3828Some Hikvision switch products (discontinued since December 2023) are vulnerable to authenticated remote command execution due to insufficient input validation. Attackers with valid credentials can...7.2May 9, 2026
• CVE-2026-1749There is an Access Control Vulnerability in some HikCentral Professional versions. This could allow an unauthenticated user to obtain the admin permission.6.8May 9, 2026
• CVE-2026-0709Some Hikvision Wireless Access Points are vulnerable to authenticated command execution due to insufficient input validation. Attackers with valid credentials can exploit this flaw by sending craft...7.2Jan 30, 2026
• CVE-2025-66177There is a Stack overflow Vulnerability in the device Search and Discovery feature of Hikvision NVR/DVR/CVR/IPC models. If exploited, an attacker on the same local area network (LAN) could cause th...8.8Jan 13, 2026
• CVE-2025-66176There is a Stack overflow Vulnerability in the device Search and Discovery feature of Hikvision Access Control Products. If exploited, an attacker on the same local area network (LAN) could cause t...8.8Jan 13, 2026
• CVE-2025-66174There is an improper authentication vulnerability in some Hikvision DVR products. Due to the improper implementation of authentication for the serial port, an attacker with physical access could ex...6.5Dec 19, 2025
• CVE-2025-66173There is a privilege escalation vulnerability in some Hikvision DVR products. Due to the improper implementation of authentication for the serial port, an attacker with physical access could exploi...6.2Dec 19, 2025
• CVE-2024-58274Hikvision CSMP (Comprehensive Security Management Platform) iSecure Center through 2024-08-01 allows execution of a command within $( ) in /center/api/installation/detection JSON data, as exploited...8.3Oct 22, 2025
• CVE-2023-53691Hikvision CSMP (Comprehensive Security Management Platform) iSecure Center through 2023-06-25 allows file upload via /center/api/files directory traversal, as exploited in the wild in 2024 and 2025.8.3Oct 22, 2025
• CVE-2023-28815Some versions of Hikvision's iSecure Center Product contain insufficient parameter validation, resulting in a command injection vulnerability. Attackers may exploit this to gain platform privileges...9.8Oct 17, 2025
• CVE-2023-28814Some versions of Hikvision's iSecure Center Product have an improper file upload control vulnerability. Due to the improper verification of file to be uploaded, attackers may upload malicious files...9.8Oct 17, 2025
• CVE-2025-39247There is an Access Control Vulnerability in some HikCentral Professional versions. This could allow an unauthenticated user to obtain the admin permission.8.6Aug 29, 2025
• CVE-2025-39246There is an Unquoted Service Path Vulnerability in some HikCentral FocSign versions. This could allow an authenticated user to potentially enable escalation of privilege via local access.5.3Aug 29, 2025
• CVE-2025-39245There is a CSV Injection Vulnerability in some HikCentral Master Lite versions. This could allow an attacker to inject executable commands via malicious CSV data.4.7Aug 29, 2025