InfoSecBulletin Cybersecurity for mankind
Hikvision has released an important firmware update for its wireless access points (APs) to fix a serious vulnerability that could let attackers take control of the devices. Known as CVE-2026-0709, this flaw has a CVSS score of 7.2, indicating a high risk for businesses using these devices for connectivity.
The vulnerability arises from poor input validation in software development. This allows an attacker with valid credentials to gain higher access by sending specially crafted packets to execute harmful code.
LastPass says hackers stole customer data via Klue, supply chain breach
New Apple Exploit Bypasses Boot Defenses, Possibly Affects Millions of iPhones Worldwide
India’s Tata Electronics hit by cyber breach: Hacker target 630 GB record
Anthropic’s Mythos reportedly broke NSA classified systems in hours
OpenAI New Method “Deployment Simulation” Predicts AI Risks Before Deployment
AryStinger botnet infected thousands of D-Link routers globally
Hacker suspected of sending alerts across Brazil
CyberSentinel AI features 33 security tools like Nmap, SQLMap, and ZAP, utilizing Claude and GPT
Barracuda hosts Dhaka roundtable on cyber resilience
CISA Alerts Fortinet Users as FortiBleed Affects 86,644 FortiGate Devices
Although the attacker must be authenticated, experts warn that this vulnerability is still serious. It could serve as the next step in an attack, where a low-level account is compromised, allowing the attacker to exploit this flaw to take complete control of the operating system.
The advisory warns that the issue causes “arbitrary command execution.” If someone executes code on a network device like an access point, they could intercept traffic, access other devices, or disrupt wireless services.
The security flaw affects many Hikvision “DS-3WAP” access points. The vulnerable models include those with firmware version V1.1.6303 build250812 and earlier:
DS-3WAP521-SI
DS-3WAP522-SI
DS-3WAP621E-SI
DS-3WAP622E-SI
DS-3WAP623E-SI
Hikvision has issued a fix for all affected models. Network admins should update devices to Version V1.1.6601 build251223 right away to prevent attacks.
