Search criteria
2 vulnerabilities found for DS-3WAP621E-SI by Hikvision
CVE-2025-39240 (GCVE-0-2025-39240)
Vulnerability from cvelistv5 – Published: 2025-06-13 07:10 – Updated: 2025-06-17 17:24
VLAI?
Summary
Some Hikvision Wireless Access Point are vulnerable to authenticated remote command execution due to insufficient input validation. Attackers with valid credentials can exploit this flaw by sending crafted packets containing malicious commands to affected devices, leading to arbitrary command execution.
Severity ?
7.2 (High)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Hikvision | DS-3WAP622G-SI |
Affected:
V1.1.5402 build241014(E2254P02)and the versions prior to it
|
|||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
Credits
exzettabyte
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-39240",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-13T15:15:35.438694Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-17T17:24:32.221Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "DS-3WAP622G-SI",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "V1.1.5402 build241014\uff08E2254P02\uff09and the versions prior to it"
}
]
},
{
"product": "DS-3WAP623E-SI",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "V1.1.5400 build240814\uff08E2254\uff09and the versions prior to it"
}
]
},
{
"defaultStatus": "affected",
"product": "DS-3WAP521-SI",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "V1.1.5400 build240814\uff08E2254\uff09and the versions prior to it"
}
]
},
{
"product": "DS-3WAP522-SI",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "V1.1.5402 build241014\uff08E2254P02\uff09and the versions prior to it"
}
]
},
{
"product": "DS-3WAP621E-SI",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "V1.1.5400 build240814\uff08E2254\uff09and the versions prior to it"
}
]
},
{
"product": "DS-3WAP622E-SI",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "V1.1.5402 build241014\uff08E2254P02\uff09and the versions prior to it"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "exzettabyte"
}
],
"descriptions": [
{
"lang": "en",
"value": "Some Hikvision Wireless Access Point are vulnerable to authenticated remote command execution due to insufficient input validation. Attackers with valid credentials can exploit this flaw by sending crafted packets containing malicious commands to affected devices, leading to arbitrary command execution."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-13T07:10:39.734Z",
"orgId": "da451dce-859b-4e51-8b87-9c8b60d19b32",
"shortName": "hikvision"
},
"references": [
{
"url": "https://www.hikvision.com/en/support/cybersecurity/security-advisory/remote-command-execution-vulnerability-in-some-hikvision-wireless-access-point/"
}
],
"x_generator": {
"engine": "cveClient/1.0.15"
}
}
},
"cveMetadata": {
"assignerOrgId": "da451dce-859b-4e51-8b87-9c8b60d19b32",
"assignerShortName": "hikvision",
"cveId": "CVE-2025-39240",
"datePublished": "2025-06-13T07:10:39.734Z",
"dateReserved": "2025-04-16T05:37:51.246Z",
"dateUpdated": "2025-06-17T17:24:32.221Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-39240 (GCVE-0-2025-39240)
Vulnerability from nvd – Published: 2025-06-13 07:10 – Updated: 2025-06-17 17:24
VLAI?
Summary
Some Hikvision Wireless Access Point are vulnerable to authenticated remote command execution due to insufficient input validation. Attackers with valid credentials can exploit this flaw by sending crafted packets containing malicious commands to affected devices, leading to arbitrary command execution.
Severity ?
7.2 (High)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Hikvision | DS-3WAP622G-SI |
Affected:
V1.1.5402 build241014(E2254P02)and the versions prior to it
|
|||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
Credits
exzettabyte
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-39240",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-13T15:15:35.438694Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-17T17:24:32.221Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "DS-3WAP622G-SI",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "V1.1.5402 build241014\uff08E2254P02\uff09and the versions prior to it"
}
]
},
{
"product": "DS-3WAP623E-SI",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "V1.1.5400 build240814\uff08E2254\uff09and the versions prior to it"
}
]
},
{
"defaultStatus": "affected",
"product": "DS-3WAP521-SI",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "V1.1.5400 build240814\uff08E2254\uff09and the versions prior to it"
}
]
},
{
"product": "DS-3WAP522-SI",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "V1.1.5402 build241014\uff08E2254P02\uff09and the versions prior to it"
}
]
},
{
"product": "DS-3WAP621E-SI",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "V1.1.5400 build240814\uff08E2254\uff09and the versions prior to it"
}
]
},
{
"product": "DS-3WAP622E-SI",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "V1.1.5402 build241014\uff08E2254P02\uff09and the versions prior to it"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "exzettabyte"
}
],
"descriptions": [
{
"lang": "en",
"value": "Some Hikvision Wireless Access Point are vulnerable to authenticated remote command execution due to insufficient input validation. Attackers with valid credentials can exploit this flaw by sending crafted packets containing malicious commands to affected devices, leading to arbitrary command execution."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-13T07:10:39.734Z",
"orgId": "da451dce-859b-4e51-8b87-9c8b60d19b32",
"shortName": "hikvision"
},
"references": [
{
"url": "https://www.hikvision.com/en/support/cybersecurity/security-advisory/remote-command-execution-vulnerability-in-some-hikvision-wireless-access-point/"
}
],
"x_generator": {
"engine": "cveClient/1.0.15"
}
}
},
"cveMetadata": {
"assignerOrgId": "da451dce-859b-4e51-8b87-9c8b60d19b32",
"assignerShortName": "hikvision",
"cveId": "CVE-2025-39240",
"datePublished": "2025-06-13T07:10:39.734Z",
"dateReserved": "2025-04-16T05:37:51.246Z",
"dateUpdated": "2025-06-17T17:24:32.221Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}