The Digital Security Authority (DSA) wants to bring to your attention a vulnerability affecting Hikvision switch products.
Executive Summary
The Digital Security Authority (DSA) has observed that Hikvision has disclosed a high-severity authenticated remote command execution vulnerability affecting several discontinued smart switch products.
Technical Details
Hikvision has disclosed a high-severity authenticated remote command execution vulnerability affecting several discontinued smart switch products. The flaw arises from insufficient input validation mechanisms within the device firmware, enabling authenticated attackers to inject and execute arbitrary operating system commands remotely.
Vulnerability Details
• CVE ID: CVE-2026-3828
• CVSS v3.1 Score: 7.2 (High) (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)
• Impact: Attackers with valid credentials can exploit this flaw by sending crafted packets containing malicious commands to affected devices, leading to arbitrary command execution.
Affected products

Recommendations
The Digital Security Authority (DSA) recommends immediately upgrading all affected devices to the latest fixed firmware versions.
Please distribute this information among your subsidiaries and partners and provide us with any pertinent information or findings you may have (such as Indicators of Compromise, Tactics, Techniques, and Procedures, etc.).
The Digital Security Authority (DSA) extends its appreciation for the continued collaboration.
References
Disclaimer
The information presented in this report is based on available data up to the 11th of May 2026.