CVE-2026-55975

Summary

A vulnerability exists in H.View IP cameras that could allow an authenticated user to supply unsanitized XML fields to the device's certificate generation interface, which are incorporated into a backend certificate creation command without proper input validation. This may allow for command execution with elevated privileges during certificate generation.

Affected Software

VendorProductVersion RangeStatus
H.VIEWHV-500S6 IP CameraIPCAM_V4.06.88.251229affected

Weaknesses

  • CWE-78: CWE-78

Workarounds

H.View did not respond to CISA's request to coordinate. Users are encouraged to reach out to H.View for support. https://hviewsmart.com/pages/contact-us  https://hviewsmart.com/pages/contact-us

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References