CVE-2026-55975
🟡 Monitoruj
Wstrzyknięcie niezabezpieczonych pól XML w kamerach H.View umożliwia wykonanie poleceń z podwyższonymi uprawnieniami.
CVSS
7.2
EPSS
0.7%
Exploit
none
Vendor
Opis źródłowy (NVD)
A vulnerability exists in H.View IP cameras that could allow an authenticated user to supply unsanitized XML fields to the device's certificate generation interface, which are incorporated into a backend certificate creation command without proper input validation. This may allow for command execution with elevated privileges during certificate generation.
brak
Brak patcha
Źródła i daty
| Źródło | Wartość |
|---|---|
| NVD – CVSS | 7.2 |
| CISA KEV (aktywnie wykorzystywane) | Nie |
| FIRST EPSS (prawdopodobieństwo exploita) | 0.7% |
| Opublikowano (NVD) | 2026-06-26 23:17:08 UTC |
| Ostatnia modyfikacja (NVD) | 2026-06-29 19:24:39 UTC |
Referencje
- https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-176-05.json (ics-cert@hq.dhs.gov)
- https://hviewsmart.com/pages/contact-us (ics-cert@hq.dhs.gov)
- https://www.cisa.gov/news-events/ics-advisories/icsa-26-176-05 (ics-cert@hq.dhs.gov)