CVE-2026-3828

Hikvision · Switch Products

Certain discontinued Hikvision switch models are susceptible to an authenticated remote command execution vulnerability caused by improper input validation.

Executive summary

An authenticated remote command execution vulnerability in specific discontinued Hikvision switches could allow a privileged attacker to gain full system control.

Vulnerability

The vulnerability involves insufficient input validation, which allows an attacker with high privileges (authenticated) to execute arbitrary commands on the affected hardware.

Business impact

A successful exploit grants the attacker command execution capabilities at the system level, potentially leading to a total compromise of the network device. With a CVSS score of 7.2, the impact is severe, though mitigated by the requirement for administrative authentication.

Remediation

Immediate Action: Update the firmware of the affected switch models to the versions specified in the vendor advisory.

Proactive Monitoring: Review administrative session logs for unauthorized or unexpected command execution activity and monitor for configuration changes.

Compensating Controls: Restrict administrative access to these devices to trusted management networks only and implement strong multi-factor authentication (MFA) where supported.

Exploitation status

Public Exploit Available: No — there is no confirmed public weaponized exploit or PoC in the available data.

Analyst recommendation

Although the products are discontinued, the severity of remote command execution necessitates immediate patching. Administrators should confirm if these devices are still in use and ensure firmware is updated to the latest available version provided by the manufacturer.