Search criteria
4 vulnerabilities by HIKSEMI
CVE-2026-22626 (GCVE-0-2026-22626)
Vulnerability from cvelistv5 – Published: 2026-01-30 11:03 – Updated: 2026-02-27 14:37
VLAI?
Summary
Due to insufficient input parameter validation on the interface, authenticated users of certain HIKSEMI NAS products can cause abnormal device behavior by crafting specific messages.
Severity ?
4.9 (Medium)
CWE
- CWE-233 - Improper Handling of Parameters
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| HIKSEMI | HS-AFS-S1H1 |
Affected:
V5.10.10_Build_251126
|
Credits
Jincheng Wang
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-22626",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-30T12:40:22.043403Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-233",
"description": "CWE-233 Improper Handling of Parameters",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-27T14:37:37.094Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "HS-AFS-S1H1",
"vendor": "HIKSEMI",
"versions": [
{
"status": "affected",
"version": "V5.10.10_Build_251126"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Jincheng Wang"
}
],
"descriptions": [
{
"lang": "en",
"value": "Due to insufficient input parameter validation on the interface, authenticated users of certain HIKSEMI NAS products can cause abnormal device behavior by crafting specific messages."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-30T11:03:29.709Z",
"orgId": "da451dce-859b-4e51-8b87-9c8b60d19b32",
"shortName": "hikvision"
},
"references": [
{
"url": "https://www.hiksemitech.com/en/hiksemi/support/security-advisory.html"
}
],
"x_generator": {
"engine": "cveClient/1.0.15"
}
}
},
"cveMetadata": {
"assignerOrgId": "da451dce-859b-4e51-8b87-9c8b60d19b32",
"assignerShortName": "hikvision",
"cveId": "CVE-2026-22626",
"datePublished": "2026-01-30T11:03:29.709Z",
"dateReserved": "2026-01-08T05:37:27.997Z",
"dateUpdated": "2026-02-27T14:37:37.094Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-22625 (GCVE-0-2026-22625)
Vulnerability from cvelistv5 – Published: 2026-01-30 11:03 – Updated: 2026-02-27 14:42
VLAI?
Summary
Improper handling of filenames in certain HIKSEMI NAS products may lead to the exposure of sensitive system files.
Severity ?
4.6 (Medium)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| HIKSEMI | HS-AFS-S1H1 |
Affected:
V5.10.10_Build_251126
|
Credits
Jincheng Wang
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-22625",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-30T12:41:35.848702Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-27T14:42:08.422Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "HS-AFS-S1H1",
"vendor": "HIKSEMI",
"versions": [
{
"status": "affected",
"version": "V5.10.10_Build_251126"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Jincheng Wang"
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper handling of filenames in certain HIKSEMI NAS products may lead to the exposure of sensitive system files."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-30T11:03:14.801Z",
"orgId": "da451dce-859b-4e51-8b87-9c8b60d19b32",
"shortName": "hikvision"
},
"references": [
{
"url": "https://www.hiksemitech.com/en/hiksemi/support/security-advisory.html"
}
],
"x_generator": {
"engine": "cveClient/1.0.15"
}
}
},
"cveMetadata": {
"assignerOrgId": "da451dce-859b-4e51-8b87-9c8b60d19b32",
"assignerShortName": "hikvision",
"cveId": "CVE-2026-22625",
"datePublished": "2026-01-30T11:03:14.801Z",
"dateReserved": "2026-01-08T05:37:27.997Z",
"dateUpdated": "2026-02-27T14:42:08.422Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-22624 (GCVE-0-2026-22624)
Vulnerability from cvelistv5 – Published: 2026-01-30 11:03 – Updated: 2026-02-27 14:44
VLAI?
Summary
Due to inadequate access control, authenticated users of certain HIKSEMI NAS products can manipulate other users' file resources without proper authorization.
Severity ?
4.3 (Medium)
CWE
- CWE-863 - Incorrect Authorization
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| HIKSEMI | HS-AFS-S1H1 |
Affected:
V5.10.10_Build_251126
|
Credits
Jincheng Wang
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-22624",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-30T12:43:48.203961Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863 Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-27T14:44:15.585Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "HS-AFS-S1H1",
"vendor": "HIKSEMI",
"versions": [
{
"status": "affected",
"version": "V5.10.10_Build_251126"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Jincheng Wang"
}
],
"descriptions": [
{
"lang": "en",
"value": "Due to inadequate access control, authenticated users of certain HIKSEMI NAS products can manipulate other users\u0027 file resources without proper authorization."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-30T11:03:02.811Z",
"orgId": "da451dce-859b-4e51-8b87-9c8b60d19b32",
"shortName": "hikvision"
},
"references": [
{
"url": "https://www.hiksemitech.com/en/hiksemi/support/security-advisory.html"
}
],
"x_generator": {
"engine": "cveClient/1.0.15"
}
}
},
"cveMetadata": {
"assignerOrgId": "da451dce-859b-4e51-8b87-9c8b60d19b32",
"assignerShortName": "hikvision",
"cveId": "CVE-2026-22624",
"datePublished": "2026-01-30T11:03:02.811Z",
"dateReserved": "2026-01-08T05:37:27.997Z",
"dateUpdated": "2026-02-27T14:44:15.585Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-22623 (GCVE-0-2026-22623)
Vulnerability from cvelistv5 – Published: 2026-01-30 11:02 – Updated: 2026-02-27 14:45
VLAI?
Summary
Due to insufficient input parameter validation on the interface, authenticated users of certain HIKSEMI NAS products can execute arbitrary commands on the device by crafting specific messages.
Severity ?
7.2 (High)
CWE
- CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| HIKSEMI | HS-AFS-S1H1 |
Affected:
V5.10.10_Build_251126
|
Credits
Jincheng Wang
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-22623",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-30T12:44:59.407089Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-27T14:45:19.674Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "HS-AFS-S1H1",
"vendor": "HIKSEMI",
"versions": [
{
"status": "affected",
"version": "V5.10.10_Build_251126"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Jincheng Wang"
}
],
"descriptions": [
{
"lang": "en",
"value": "Due to insufficient input parameter validation on the interface, authenticated users of certain HIKSEMI NAS products can execute arbitrary commands on the device by crafting specific messages."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-30T11:02:26.539Z",
"orgId": "da451dce-859b-4e51-8b87-9c8b60d19b32",
"shortName": "hikvision"
},
"references": [
{
"url": "https://www.hiksemitech.com/en/hiksemi/support/security-advisory.html"
}
],
"x_generator": {
"engine": "cveClient/1.0.15"
}
}
},
"cveMetadata": {
"assignerOrgId": "da451dce-859b-4e51-8b87-9c8b60d19b32",
"assignerShortName": "hikvision",
"cveId": "CVE-2026-22623",
"datePublished": "2026-01-30T11:02:26.539Z",
"dateReserved": "2026-01-08T05:37:27.997Z",
"dateUpdated": "2026-02-27T14:45:19.674Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}