Title: Command Execution Vulnerability in Some Hikvision Wireless Access Point Products SN No.: HSRC-202601-02 Edit: Hikvision Security Response Center (HSRC) Initial Release Date: 2026-01-30 Summary: Some Hikvision Wireless Access Points are vulnerable to authenticated command execution due to insufficient input validation. Attackers can exploit this by sending crafted packets with malicious commands. CVE ID: CVE-2026-0709 Scoring: - CVSS v3.1: Base score: 7.2 (AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H) Affected Versions and Fix: - DS-3WAP521-SI: V1.1.6303 build250812 and earlier → V1.1.6601 build251223 - DS-3WAP522-SI: V1.1.6303 build250812 and earlier → V1.1.6601 build251223 - DS-3WAP621E-SI: V1.1.6303 build250812 and earlier → V1.1.6601 build251223 - DS-3WAP622E-SI: V1.1.6303 build250812 and earlier → V1.1.6601 build251223 - DS-3WAP623E-SI: V1.1.6303 build250812 and earlier → V1.1.6601 build251223 - DS-3WAP622G-SI: V1.1.6303 build250812 and earlier → V1.1.6601 build251223 Contact Us: For security issues, email HSRC at hscc@hikvision.com. Disclaimer: The document is provided "as is" with no guarantees. Use at your own risk.