Critical Remote Command Execution Flaw Discovered in Hikvision Products

Source: INCIBE-CERT

Hikvision patches severe RCE vulnerability affecting multiple surveillance devices. Security teams urged to apply updates immediately to prevent exploitation.

Hikvision Addresses Critical Remote Command Execution Vulnerability

Security researchers have identified a severe remote command execution (RCE) vulnerability in multiple Hikvision products, prompting an urgent security advisory from Spain's INCIBE-CERT. The flaw, which could allow unauthorized attackers to execute arbitrary commands on vulnerable devices, was disclosed on February 2, 2026.

Technical Details

While specific technical details remain limited pending wider patch deployment, the vulnerability affects Hikvision's surveillance and network video recorder (NVR) product lines. The flaw is likely tied to improper input validation or authentication bypass mechanisms, common attack vectors for RCE exploits in IoT and embedded devices. No CVE ID has been assigned at the time of disclosure.

Impact Analysis

Successful exploitation of this vulnerability could enable threat actors to:

  • Gain full control over affected Hikvision devices
  • Access live video feeds or stored footage
  • Use compromised devices as pivot points for lateral movement within networks
  • Deploy additional malware or ransomware payloads

Hikvision devices are widely deployed in enterprise, government, and critical infrastructure environments, amplifying the potential risk. INCIBE-CERT has not reported active exploitation in the wild as of this advisory.

Recommendations

Security teams are advised to:

  1. Apply patches immediately – Hikvision has released firmware updates addressing this vulnerability. Prioritize devices exposed to the internet or untrusted networks.
  2. Segment network traffic – Isolate Hikvision devices on dedicated VLANs with strict access controls to limit lateral movement risks.
  3. Monitor for suspicious activity – Review device logs for unusual command execution, unauthorized access attempts, or configuration changes.
  4. Disable unnecessary services – Reduce attack surface by disabling unused features (e.g., UPnP, Telnet, or web interfaces) where possible.

For further details, refer to the official INCIBE-CERT advisory.

This is a developing story. Updates will be provided as more technical information becomes available.
