Hikvision has rolled out a critical firmware update for its line of wireless access points (APs) to squash a high-severity vulnerability that could allow attackers to hijack devices from the inside. Tracked as CVE-2026-0709, the flaw carries a CVSS score of 7.2, signaling a significant risk for enterprise networks relying on these devices for connectivity.
The vulnerability stems from a classic oversight in software development: insufficient input validation. This gap allows an attacker who already possesses valid credentials to escalate their access significantly. By sending “crafted packets containing malicious commands,” the attacker can trick the device into executing arbitrary code.
While the vulnerability requires the attacker to be authenticated, security experts warn that this does not lower the stakes. In many scenarios, this flaw could be the second link in an attack chain, where an attacker first compromises a low-level account (or uses default credentials) and then leverages this exploit to gain full control over the underlying operating system.
The advisory notes that the issue leads directly to “arbitrary command execution”. Once code execution is achieved on a network device like an access point, an intruder can potentially intercept traffic, pivot to other devices on the network, or disrupt wireless services entirely.
The security hole is present in a wide range of Hikvision’s “DS-3WAP” series access points. Specifically, the following models running firmware version V1.1.6303 build250812 and earlier are vulnerable:
- DS-3WAP521-SI
- DS-3WAP522-SI
- DS-3WAP621E-SI
- DS-3WAP622E-SI
- DS-3WAP623E-SI
Hikvision has released a unified fix for all affected models. Network administrators are urged to update their devices to Version V1.1.6601 build251223 immediately to close this attack vector.
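To find out which access points in an inventory still need the update, the model list and version bounds above can be turned into a small triage script. This is an added example, not code from Hikvision or the advisory; the CSV column names and device names are constructed, and it assumes firmware strings follow the "V1.1.6303 build250812" format quoted above and order numerically.

```python
import csv
import io
import re

# Models and version bounds as stated in the article.
AFFECTED_MODELS = {
    "DS-3WAP521-SI", "DS-3WAP522-SI", "DS-3WAP621E-SI",
    "DS-3WAP622E-SI", "DS-3WAP623E-SI",
}
LAST_VULNERABLE = (1, 1, 6303, 250812)  # V1.1.6303 build250812
FIXED = (1, 1, 6601, 251223)            # V1.1.6601 build251223
_FW_RE = re.compile(r"^\s*V(\d+)\.(\d+)\.(\d+)\s+build\s*(\d+)\s*$", re.IGNORECASE)


def parse_firmware(text):
    """Return (major, minor, patch, build) or None if the string is not recognised."""
    m = _FW_RE.match(text or "")
    return tuple(int(g) for g in m.groups()) if m else None


def classify(model, firmware):
    """Classify one device; builds between the two published bounds need a manual check."""
    if model.strip().upper() not in AFFECTED_MODELS:
        return "not-listed"
    version = parse_firmware(firmware)
    if version is None:
        return "check-manually"  # unreadable version on a listed model
    if version <= LAST_VULNERABLE:
        return "vulnerable"
    return "patched" if version >= FIXED else "check-manually"


def triage(inventory_csv):
    """Map device name -> status for a CSV with name,model,firmware columns (assumed layout)."""
    rows = csv.DictReader(io.StringIO(inventory_csv))
    return {r["name"]: classify(r["model"], r["firmware"]) for r in rows}


# Constructed sample inventory; device names and EXAMPLE-AP are hypothetical.
SAMPLE = """name,model,firmware
ap-lab,ds-3wap623e-si,V1.1.6303 build250812
ap-floor2,DS-3WAP622E-SI,V1.1.6601 build251223
ap-dock,DS-3WAP621E-SI,V1.1.6400 build251001
ap-roof,DS-3WAP522-SI,unknown
ap-other,EXAMPLE-AP,V1.0.1 build240101
"""

if __name__ == "__main__":
    print(*(f"{n:10} {s}" for n, s in triage(SAMPLE).items()), sep="\n")
```

Devices reported as "check-manually" run a build the article does not classify, or report a version string the script cannot read, so confirm their status on the device itself.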