CVE-2023-28814
Hikvision · Hikvision iSecure Center
Executive summary
A critical vulnerability has been identified in some versions of Hikvision's iSecure Center product, assigned a severity score of 9.8 out of 10. This flaw allows an unauthenticated attacker to upload malicious files, which could lead to remote code execution and a complete compromise of the affected system. Organizations are urged to apply the recommended updates immediately to prevent potential data breaches, system takeovers, and further network intrusion.
Vulnerability
The vulnerability is an improper file upload control weakness. The application fails to adequately validate files uploaded by a user, allowing an attacker to bypass security checks and upload a file with a malicious payload, such as a web shell. By subsequently accessing the uploaded file via a URL, the attacker can execute arbitrary commands on the server with the privileges of the web service, resulting in a full system compromise.
Business impact
This vulnerability is of critical severity with a CVSS score of 9.8, indicating a high risk to the organization. Successful exploitation could lead to a complete loss of confidentiality, integrity, and availability of the affected system. Potential consequences include theft of sensitive data managed by iSecure Center (such as video surveillance feeds and access control information), deployment of ransomware, system disruption, and the use of the compromised server as a pivot point to launch further attacks against the internal network.
Remediation
Immediate Action: Update all affected instances of Hikvision iSecure Center to the latest version provided by the vendor to patch the vulnerability. Prioritize patching for systems that are exposed to the internet. Following the update, review access and web server logs for any signs of suspicious file uploads or exploitation attempts that may have occurred prior to patching.
Proactive Monitoring: Monitor web server access logs for unusual POST requests to file upload endpoints, especially those involving executable file types (e.g., .jsp, .php, .aspx). Scrutinize network traffic for any unexpected outbound connections from the iSecure Center server, which could indicate a reverse shell or data exfiltration. Implement file integrity monitoring on web directories to detect the creation of unauthorized files.
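The log review described above can be automated. The following is an added example, not code from the vendor or from this advisory: it correlates a successful POST to an upload-like path with a later successful request for a script file from the same client. It assumes common/combined access log format, that upload handlers contain "upload" in the path, and a 10-minute window; the sample paths and IP addresses are constructed.

```python
import re
from datetime import datetime, timedelta

# Script extensions named in the advisory; extend for your stack.
SCRIPT_EXT = (".jsp", ".jspx", ".php", ".aspx")
# Assumption: upload handlers have "upload" in the path; adjust to your deployment.
UPLOAD_HINT = re.compile(r"upload", re.I)
LINE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

def find_upload_then_execute(lines, window=timedelta(minutes=10)):
    """Return (ip, upload_path, script_path) where a client POSTs to an
    upload-like path and then successfully requests a script file in the window."""
    last_upload = {}  # ip -> (timestamp, path) of most recent successful upload POST
    hits = []
    for raw in lines:
        m = LINE.match(raw)
        if not m:
            continue  # skip lines that are not in common/combined log format
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        path = m["path"].split("?", 1)[0]  # ignore the query string
        ok = m["status"].startswith("2")
        if m["method"] == "POST" and ok and UPLOAD_HINT.search(path):
            last_upload[m["ip"]] = (ts, path)
        elif ok and path.lower().endswith(SCRIPT_EXT) and m["ip"] in last_upload:
            up_ts, up_path = last_upload[m["ip"]]
            if timedelta(0) <= ts - up_ts <= window:
                hits.append((m["ip"], up_path, path))
    return hits

# Constructed sample log lines (documentation IP ranges, made-up paths).
SAMPLE = [
    '198.51.100.7 - - [12/Jul/2023:10:01:02 +0000] "GET /portal/login HTTP/1.1" 200 5120',
    '203.0.113.9 - - [12/Jul/2023:10:02:10 +0000] "POST /example/upload HTTP/1.1" 200 64',
    '203.0.113.9 - - [12/Jul/2023:10:02:31 +0000] "GET /example/files/a1.jsp?x=1 HTTP/1.1" 200 12',
    '198.51.100.7 - - [12/Jul/2023:10:03:00 +0000] "POST /example/upload HTTP/1.1" 200 64',
    '198.51.100.7 - - [12/Jul/2023:10:03:05 +0000] "GET /example/files/photo.png HTTP/1.1" 200 9000',
    '203.0.113.9 - - [12/Jul/2023:11:30:00 +0000] "GET /example/files/a1.jsp HTTP/1.1" 200 12',
]

if __name__ == "__main__":
    for ip, up, script in find_upload_then_execute(SAMPLE):
        print(f"ALERT {ip}: POST {up} followed by request for {script}")
```

Applications that legitimately serve script pages will produce false positives; restrict the script-extension match to directories where uploaded content is stored, and pair the result with file integrity monitoring on those directories.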
Compensating Controls: If immediate patching is not feasible, implement the following controls to reduce risk:
- Restrict network access to the iSecure Center management interface to only trusted IP addresses and administrative networks using a firewall.
- Deploy a Web Application Firewall (WAF) with rules designed to inspect and block malicious or improperly formed file uploads.
- Ensure Endpoint Detection and Response (EDR) solutions are installed and properly configured on the server to detect and block post-exploitation activity.
Exploitation status
Public Exploit Available: false
Analyst recommendation
Due to the critical CVSS score of 9.8, this vulnerability requires immediate attention. Organizations must prioritize applying the vendor-supplied patch to all affected Hikvision iSecure Center systems without delay. Although this CVE is not currently listed on the CISA KEV (Known Exploited Vulnerabilities) catalog, its potential for enabling complete system compromise makes it a prime target for future exploitation. If patching cannot be performed immediately, the compensating controls outlined above must be implemented as an urgent temporary measure to mitigate the significant risk.