CVE-2026-3828_CVE-2026-3828

7.2 / 10

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Description

Some Hikvision switch products (discontinued since December 2023) are vulnerable to authenticated remote command execution due to insufficient input validation. Attackers with valid credentials can exploit this flaw by sending crafted packets containing malicious commands to affected devices, leading to arbitrary command execution.

Basic Information

ID CVE-2026-3828

Source hikvision

Published May 9, 2026 at 08:27

Affected Product

Vendor Hikvision

Product DS-3E1310P-SI

Version Versions below V1.2.4_210623 (including V1.2.4_210623)

Affected Versions Hikvision DS-3E1310P-SI Versions below V1.2.4_210623 (including V1.2.4_210623)
Hikvision DS-3E1318P-SI Versions below V1.2.0_210823 (including V1.2.0_210823)
Hikvision DS-3E1326P-SI Versions below V1.2.0_210823 (including V1.2.0_210823)

References

www.hikvision.com /en/support/cybersecurity/security-advisory/command-execution-vulnerability-in-some-hikvision-switch-product/

{
    "lastseen": "",
    "description": "Some Hikvision switch products (discontinued since December 2023) are vulnerable to authenticated remote command execution due to insufficient input validation. Attackers with valid credentials can exploit this flaw by sending crafted packets containing malicious commands to affected devices, leading to arbitrary command execution.",
    "published": "2026-05-09T08:27:55.964Z",
    "modified": "2026-05-09T08:27:55.964Z",
    "type": "cve",
    "title": "CVE-2026-3828",
    "source": "hikvision",
    "references": "https://www.hikvision.com/en/support/cybersecurity/security-advisory/command-execution-vulnerability-in-some-hikvision-switch-product/",
    "id": "CVE-2026-3828",
    "bulletinFamily": "",
    "cwe": null,
    "cvelist": null,
    "sourceData": "Hikvision DS-3E1310P-SI Versions below V1.2.4_210623 (including V1.2.4_210623)\nHikvision DS-3E1318P-SI Versions below V1.2.0_210823 (including V1.2.0_210823)\nHikvision DS-3E1326P-SI Versions below V1.2.0_210823 (including V1.2.0_210823)",
    "sourceHref": "",
    "cvss": {
        "score": 7.2,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "DS-3E1310P-SI",
    "version": "Versions below V1.2.4_210623 (including V1.2.4_210623)",
    "vendor": "Hikvision",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Description

Basic Information

Affected Product

References

💭 Join the Security Discussion ❌ Cancel Reply