Critical Vulnerability in Hikvision Wireless Access Points Allows Malicious Command Execution
A significant security flaw has been identified in several Hikvision Wireless Access Point (WAP) models, potentially enabling attackers with valid credentials to execute arbitrary commands on affected devices. This vulnerability, designated as CVE-2026-0709, arises from inadequate input validation within the device firmware. With a CVSS v3.1 base score of 7.2, it is classified as a high-severity threat.
Technical Overview:
The vulnerability permits authenticated attackers to transmit specially crafted packets containing malicious commands directly to the WAP, effectively bypassing critical security controls. This method of attack circumvents traditional network perimeter defenses, posing a heightened risk in environments where user authentication may be compromised or where insider threats are present.
Affected Models and Firmware Versions:
The following Hikvision WAP models are impacted:
– DS-3WAP521-SI
– DS-3WAP522-SI
– DS-3WAP621E-SI
– DS-3WAP622E-SI
– DS-3WAP623E-SI
– DS-3WAP622G-SI
Devices running firmware version V1.1.6303 build250812 and earlier are vulnerable. Hikvision has addressed this issue by releasing patched firmware versions (V1.1.6601 build 251223) for all affected devices.
Discovery and Reporting:
The vulnerability was initially reported on January 30, 2026, by an independent security researcher known as exzettabyte. Organizations utilizing the affected WAP models are strongly advised to prioritize updating to the latest firmware to mitigate potential exploitation risks.
Implications and Recommendations:
The authenticated nature of this vulnerability is particularly concerning for enterprise environments. While exploitation requires valid device credentials, attackers could leverage compromised user accounts, stolen credentials, or insider threats to gain access. Once authenticated, the lack of proper input validation allows threat actors to inject and execute arbitrary commands with device privileges, potentially leading to complete system compromise.
Mitigation Steps:
1. Firmware Update: Administrators should promptly download and install firmware version V1.1.6601 build 251223 from the official Hikvision support portal across all vulnerable devices.
2. Access Control Review: Organizations should evaluate and strengthen access controls, ensuring that only authorized personnel have access to the devices.
3. Enhanced Authentication Mechanisms: Implement robust authentication protocols to limit device access.
4. Network Segmentation: For organizations unable to patch immediately, segmenting the network to restrict device access can serve as an interim protective measure.
5. Monitoring and Logging: Regularly monitor authentication logs for any suspicious activity that could indicate attempted exploitation.
6. Credential Rotation: Regularly update device credentials to prevent exploitation through compromised accounts.
Hikvision’s Security Response Center (HSRC) continues to monitor security threats and encourages vulnerability disclosures at [email protected]. Organizations with questions regarding this vulnerability should contact Hikvision support through official channels.
