PT-2025-43013 · Hikvision · Hikvision Isecure Center

Published: 2025-10-22 · Updated: 2025-10-22 · CVE-2024-58274

CVSS v3.1: 8.3 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L

Name of the Vulnerable Software and Affected Versions: Hikvision CSMP (Comprehensive Security Management Platform) iSecure Center versions through 2024-08-01

Description: The software contains a flaw that permits command execution through the $( ) construct within JSON data sent to the /center/api/installation/detection API endpoint. The vulnerable parameter is the JSON data sent to that endpoint. The issue was observed being exploited in real-world attacks during 2024 and 2025.

Recommendations: Versions through 2024-08-01 should be updated.
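
A detection-side check for the pattern described above, as an added example that is not part of the original advisory or of the vendor's code: it decodes the JSON body of requests to the named endpoint and reports every string that contains the $( opener. The field names and sample bodies are constructed placeholders, not the product's real request schema.

```python
import json
from urllib.parse import urlsplit

ENDPOINT = "/center/api/installation/detection"  # path named in the advisory
MARKER = "$("  # command-substitution opener named in the advisory


def _walk(node, path="$"):
    """Yield (json_path, string) for every string key and value in decoded JSON."""
    if isinstance(node, dict):
        for key, value in node.items():
            yield f"{path}.{key}<key>", key
            yield from _walk(value, f"{path}.{key}")
    elif isinstance(node, list):
        for i, value in enumerate(node):
            yield from _walk(value, f"{path}[{i}]")
    elif isinstance(node, str):
        yield path, node


def inspect_request(target, body):
    """Return JSON paths whose strings contain MARKER, for requests to ENDPOINT."""
    if urlsplit(target).path.rstrip("/") != ENDPOINT:
        return []
    text = body.decode("utf-8", errors="replace")
    try:
        # Parse first so JSON escape sequences are decoded before matching.
        doc = json.loads(text)
    except ValueError:
        # Unparseable body: scan the raw text instead of passing it silently.
        return ["<raw>"] if MARKER in text else []
    return [p for p, s in _walk(doc) if MARKER in s]


# Constructed sample requests (hypothetical field names, placeholder values).
SAMPLES = [
    (ENDPOINT, b'{"field_a": "10.0.0.5", "field_b": ["ok"]}'),
    (ENDPOINT, b'{"field_a": "x$(placeholder)", "field_b": ["ok"]}'),
    (ENDPOINT + "?x=1", b'{"field_a": {"n": "\\u0024(placeholder)"}}'),
    ("/center/api/other", b'{"field_a": "$(placeholder)"}'),
    (ENDPOINT, b'{"field_a": "$(placeholder)"'),  # truncated JSON
]

if __name__ == "__main__":
    for target, body in SAMPLES:
        print(target, inspect_request(target, body))
```

The same function can be applied to request bodies captured at a reverse proxy or WAF in front of the platform; hits on this endpoint are worth triage given the reported in-the-wild exploitation.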

Exploit

Fix

OS Command Injection


Weakness Enumeration

Related identifiers

CVE-2024-58274

Affected products

Hikvision Isecure Center