
Hikvision Wireless Access Points Vulnerability Enables Malicious Command Execution

A critical authenticated command execution vulnerability has been disclosed affecting multiple Hikvision Wireless Access Point (WAP) models.

The flaw, tracked as CVE-2026-0709, stems from insufficient input validation in device firmware, potentially allowing attackers with valid credentials to execute arbitrary commands on affected systems.

The vulnerability carries a CVSS v3.1 base score of 7.2, indicating a high-severity threat.

According to the advisory, attackers who can authenticate to the device can send specially crafted packets containing malicious commands directly to the WAP, bypassing critical security controls.

Because the attacker operates with valid credentials, network perimeter defenses do not stop this attack vector, making it particularly dangerous in environments where user authentication has been compromised or where insider threats exist.

Affected Models and Timeline

| Affected Model | Vulnerable Firmware Version |
| --- | --- |
| DS-3WAP521-SI | V1.1.6303 build250812 and earlier |
| DS-3WAP522-SI | V1.1.6303 build250812 and earlier |
| DS-3WAP621E-SI | V1.1.6303 build250812 and earlier |
| DS-3WAP622E-SI | V1.1.6303 build250812 and earlier |
| DS-3WAP623E-SI | V1.1.6303 build250812 and earlier |
| DS-3WAP622G-SI | V1.1.6303 build250812 and earlier |

Hikvision has released patched firmware versions (V1.1.6601 build 251223) that address the flaw across all affected devices.

The vulnerability was initially reported on January 30, 2026, by an independent security researcher, exzettabyte.

Organizations deploying these WAP models should immediately prioritize updating to the resolved firmware version to mitigate exploitation risks.

Vulnerability Details and Impact

The authenticated nature of this vulnerability makes it particularly concerning for enterprise environments.

While attackers must possess valid device credentials, compromised user accounts, stolen credentials, or insider threats can serve as entry points.

Once authenticated, the insufficient input validation allows threat actors to inject and execute arbitrary commands with device privileges, potentially leading to complete system compromise.


Organizations operating affected Hikvision WAP models should take immediate action. Patches are available for download on the official Hikvision support portal.

Administrators should deploy firmware version V1.1.6601 build 251223 across all vulnerable devices in their infrastructure.
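To find which devices still need the update, an inventory can be checked against the affected models and versions listed above. The following is an added example, not code from Hikvision or from the original article. It assumes firmware strings follow the "V1.1.6303 build250812" form shown on this page and that versions order by their numeric fields; the hostnames and inventory rows are constructed.

```python
import re

# Models and versions below are copied from this page's advisory table.
AFFECTED_MODELS = {
    "DS-3WAP521-SI", "DS-3WAP522-SI", "DS-3WAP621E-SI",
    "DS-3WAP622E-SI", "DS-3WAP623E-SI", "DS-3WAP622G-SI",
}
LAST_VULNERABLE = "V1.1.6303 build250812"
FIRST_FIXED = "V1.1.6601 build 251223"

# Accepts both spellings seen on the page: "build250812" and "build 251223".
_VERSION_RE = re.compile(
    r"^\s*V(\d+)\.(\d+)\.(\d+)\s+build\s*(\d{6})\s*$", re.IGNORECASE)

def parse_firmware(text):
    """Return (major, minor, patch, build) as ints, or None if unparseable."""
    m = _VERSION_RE.match(text or "")
    return tuple(int(g) for g in m.groups()) if m else None

def classify(model, firmware):
    """Return not_listed, unparsed, vulnerable, patched or unknown."""
    if model.strip().upper() not in AFFECTED_MODELS:
        return "not_listed"
    version = parse_firmware(firmware)
    if version is None:
        return "unparsed"      # never treat an unreadable version as safe
    if version <= parse_firmware(LAST_VULNERABLE):
        return "vulnerable"
    if version >= parse_firmware(FIRST_FIXED):
        return "patched"
    return "unknown"           # between the two releases: the page does not say

# Constructed sample inventory (hypothetical hostnames and firmware strings).
INVENTORY = [
    ("wap-lobby", "DS-3WAP521-SI", "V1.1.6303 build250812"),
    ("wap-floor2", "DS-3WAP622E-SI", "V1.1.6601 build 251223"),
    ("wap-dock", "DS-3WAP623E-SI", "V1.1.6400 build251001"),
    ("wap-lab", "DS-3WAP622G-SI", "firmware: n/a"),
    ("wap-guest", "EXAMPLE-OTHER-AP", "V1.0.0 build240101"),
]

def audit(inventory):
    """Map each hostname to its classification."""
    return {host: classify(model, fw) for host, model, fw in inventory}

if __name__ == "__main__":
    for host, status in audit(INVENTORY).items():
        print(f"{host:12} {status}")
```

Devices reported as `unknown` or `unparsed` should be checked by hand rather than assumed safe.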

Simultaneously, organizations should review access controls and enforce strong authentication mechanisms to limit device access to authorized personnel only.

For organizations unable to patch immediately, implementing network segmentation to restrict device access and monitoring authentication logs for suspicious activity can provide interim protection.

Additionally, credential rotation for affected devices is recommended to prevent exploitation through compromised accounts. Hikvision’s HSRC continues monitoring security threats and welcomes vulnerability disclosures at hsrc@hikvision.com.

Organizations with questions regarding this vulnerability should contact Hikvision support through official channels.


The post Hikvision Wireless Access Points Vulnerability Enables Malicious Command Execution appeared first on Cyber Security News.
