Some Hikvision Wireless Access Point are vulnerable to authenticated remote command execution due to insufficient input validation. Attackers with valid credentials can exploit this flaw by sending crafted packets containing malicious commands to affected devices, leading to arbitrary command execution.

Related CVEs

CVE-2025-39240

Key Information

GHSA ID

GHSA-x2h9-qjjm-834x

Published

June 13, 2025 9:30 AM

Last Modified

June 13, 2025 9:30 AM

CVSS Score

7.5 /10

Primary Ecosystem

Unknown

Primary Package

Unknown

GitHub Reviewed

✗ No

Dataset

Last updated: June 18, 2025 6:25 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.