{"id":10354,"date":"2026-02-03T10:03:47","date_gmt":"2026-02-03T10:03:47","guid":{"rendered":"https:\/\/serisec.com\/index.php\/2026\/02\/03\/hikvision-wireless-access-points-vulnerability-enables-malicious-command-execution\/"},"modified":"2026-02-03T10:03:47","modified_gmt":"2026-02-03T10:03:47","slug":"hikvision-wireless-access-points-vulnerability-enables-malicious-command-execution","status":"publish","type":"post","link":"https:\/\/serisec.com\/index.php\/2026\/02\/03\/hikvision-wireless-access-points-vulnerability-enables-malicious-command-execution\/","title":{"rendered":"Hikvision Wireless Access Points Vulnerability Enables Malicious Command Execution"},"content":{"rendered":"<p>    Hikvision Wireless Access Points Vulnerability Enables Malicious Command Execution<br \/>\n \t<BR><br \/>\n<BR><\/BR><br \/>\n    <!-- no image --><br \/>\n \t<BR><br \/>\n<BR><\/BR><\/p>\n<div>\n<p>A critical authenticated command execution vulnerability has been disclosed affecting multiple Hikvision Wireless Access Point (WAP) models.<\/p>\n<p>The flaw, tracked as CVE-2026-0709, stems from insufficient input validation in device <a href=\"https:\/\/cybersecuritynews.com\/redmi-buds-vulnerability\/\" target=\"_blank\" rel=\"noreferrer noopener\">firmware<\/a>, potentially allowing attackers with valid credentials to execute arbitrary commands on affected systems.<\/p>\n<p>The vulnerability carries a CVSS v3.1 base score of 7.2, indicating a high-severity threat.<\/p>\n<p>According to the advisory, attackers who can authenticate to the device can send specially crafted packets containing <a href=\"https:\/\/cybersecuritynews.com\/jackfix-attack-leverages-windows-updates\/\" target=\"_blank\" rel=\"noreferrer noopener\">malicious commands<\/a> directly to the WAP, bypassing critical security controls.<\/p>\n<p>This attack vector bypasses network perimeter defenses since it requires valid credentials, making it particularly dangerous in environments where user authentication has been compromised or where insider threats exist.<\/p>\n<h2 class=\"wp-block-heading\" id=\"h-affected-models-and-timeline\"><strong>Affected Models and Timeline<\/strong><\/h2>\n<figure class=\"wp-block-table is-style-stripes\">\n<table class=\"has-fixed-layout\">\n<thead>\n<tr>\n<th>Affected Model<\/th>\n<th>Vulnerable Firmware Version<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td>DS-3WAP521-SI<\/td>\n<td>V1.1.6303 build250812 and earlier<\/td>\n<\/tr>\n<tr>\n<td>DS-3WAP522-SI<\/td>\n<td>V1.1.6303 build250812 and earlier<\/td>\n<\/tr>\n<tr>\n<td>DS-3WAP621E-SI<\/td>\n<td>V1.1.6303 build250812 and earlier<\/td>\n<\/tr>\n<tr>\n<td>DS-3WAP622E-SI<\/td>\n<td>V1.1.6303 build250812 and earlier<\/td>\n<\/tr>\n<tr>\n<td>DS-3WAP623E-SI<\/td>\n<td>V1.1.6303 build250812 and earlier<\/td>\n<\/tr>\n<tr>\n<td>DS-3WAP622G-SI<\/td>\n<td>V1.1.6303 build250812 and earlier<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/figure>\n<p>Hikvision has released patched firmware versions (V1.1.6601 build 251223) that address the flaw across all affected devices.<\/p>\n<p>The vulnerability was initially reported on January 30, 2026, by an independent security researcher, exzettabyte.<\/p>\n<p>Organizations deploying these <a href=\"https:\/\/cybersecuritynews.com\/researchers-jailbreaked-text-to-image-llm\/\" target=\"_blank\" rel=\"noreferrer noopener\">WAP models <\/a>should immediately prioritize updating to the resolved firmware version to mitigate exploitation risks.<\/p>\n<h2 class=\"wp-block-heading\" id=\"h-vulnerability-details-and-impact\"><strong>Vulnerability Details and Impact<\/strong><\/h2>\n<p>The authenticated nature of this vulnerability makes it particularly concerning for enterprise environments.<\/p>\n<p>While attackers must possess valid device credentials, compromised user accounts, stolen credentials, or insider <a href=\"https:\/\/cybersecuritynews.com\/saas-cybersecurity-threats\/\" target=\"_blank\" rel=\"noreferrer noopener\">threats<\/a> can serve as entry points.<\/p>\n<p>Once authenticated, the insufficient input validation allows threat actors to inject and execute arbitrary commands with <a href=\"https:\/\/cybersecuritynews.com\/microsoft-desktop-windows-manager-vulnerability\/\" target=\"_blank\" rel=\"noreferrer noopener\">device privileges<\/a>, potentially leading to complete system compromise.<\/p>\n<p>Organizations operating affected Hikvision WAP models should take immediate action. Patches are available for download on the official Hikvision support portal.<\/p>\n<p>Administrators should deploy firmware version V1.1.6601 build 251223 across all vulnerable devices in their infrastructure.<\/p>\n<p>Simultaneously, organizations should review access controls and enforce strong <a href=\"https:\/\/cybersecuritynews.com\/authentication\/\" target=\"_blank\" rel=\"noreferrer noopener\">authentication<\/a> mechanisms to limit device access to authorized personnel only.<\/p>\n<p>For organizations unable to patch immediately, implementing network segmentation to restrict device access and monitoring authentication logs for suspicious activity can provide interim protection.<\/p>\n<p>Additionally, credential rotation for affected devices is <a href=\"https:\/\/www.hikvision.com\/en\/support\/cybersecurity\/security-advisory\/command-execution-vulnerability-in-some-hikvision-wireless-access-point-products\/\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">recommended<\/a> to prevent exploitation through compromised accounts. Hikvision\u2019s HSRC continues monitoring security threats and welcomes vulnerability disclosures at\u00a0hsrc@hikvision.com.<\/p>\n<p>Organizations with questions regarding this vulnerability should contact Hikvision support through official channels.<\/p>\n<p class=\"has-text-align-center has-background\" style=\"background:linear-gradient(180deg,rgb(238,238,238) 94%,rgb(169,184,195) 100%)\"><strong>Follow us on <a href=\"https:\/\/news.google.com\/publications\/CAAqMggKIixDQklTR3dnTWFoY0tGV041WW1WeWMyVmpkWEpwZEhsdVpYZHpMbU52YlNnQVAB?hl=en-IN&amp;gl=IN&amp;ceid=IN:en\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">Google News<\/a>, <a href=\"https:\/\/www.linkedin.com\/company\/cybersecurity-news\/\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">LinkedIn<\/a>, and <a href=\"https:\/\/x.com\/cyber_press_org\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">X<\/a> for daily cybersecurity updates. <a href=\"https:\/\/cybersecuritynews.com\/contact-us\/\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">Contact us<\/a> to feature your stories.<\/strong><\/p>\n<p>The post <a href=\"https:\/\/cybersecuritynews.com\/hikvision-wireless-access-points-vulnerability\/\">Hikvision Wireless Access Points Vulnerability Enables Malicious Command Execution<\/a> appeared first on <a href=\"https:\/\/cybersecuritynews.com\/\">Cyber Security News<\/a>.<\/p>\n<\/div>\n<p> \t<BR><br \/>\n <BR><\/BR><br \/>\n    Abinaya<br \/>\n \t<BR><br \/>\n<BR><\/BR><br \/>\n<a href=\"https:\/\/cybersecuritynews.com\/hikvision-wireless-access-points-vulnerability\/\">Go to cyber-security-news<\/a><br \/>\n \t<BR><br \/>\n <BR><\/BR><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Hikvision Wireless Access Points Vulnerability Enables Malicious Command Execution A critical authenticated command execution vulnerability has been disclosed affecting multiple Hikvision Wireless Access Point (WAP) models. The flaw, tracked as CVE-2026-0709, stems from insufficient input validation in device firmware, potentially allowing attackers with valid credentials to execute arbitrary commands on affected systems. The vulnerability carries [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[129,63,648],"tags":[130],"class_list":["post-10354","post","type-post","status-publish","format-standard","hentry","category-cyber-security","category-cyber-security-news","category-vulnerability-news","tag-cyber-security-news"],"_links":{"self":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts\/10354"}],"collection":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/comments?post=10354"}],"version-history":[{"count":0,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts\/10354\/revisions"}],"wp:attachment":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/media?parent=10354"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/categories?post=10354"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/tags?post=10354"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}