PT-2025-43013 · Hikvision · Hikvision Isecure Center

Published 2025-10-22 · Updated 2025-10-22 · CVE-2024-58274

CVSS v3.1: 8.3
Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
Name of the Vulnerable Software and Affected Versions
Hikvision CSMP (Comprehensive Security Management Platform) iSecure Center versions through 2024-08-01

Description
The software contains a flaw that permits the execution of a command. This occurs through the use of the $( ) construct within JSON data sent to the /center/api/installation/detection API endpoint. This issue was observed being exploited in real-world attacks during 2024 and 2025. The vulnerable parameter is the JSON data sent to the API endpoint.

Recommendations
Versions through 2024-08-01 should be updated.
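
For reviewing captured requests while the update is rolled out, the following is an added detection example, not code from the advisory or from Hikvision. It flags requests to the endpoint named above whose JSON strings contain the $( construct; the record layout (request path, request body), the field names and the sample bodies are constructed assumptions.

```python
import json

ENDPOINT = "/center/api/installation/detection"  # path named in the advisory
MARKER = "$("                                    # construct named in the advisory

def iter_strings(node, path="$"):
    """Yield (json_path, text) for every string key and value in parsed JSON."""
    if isinstance(node, dict):
        for key, value in node.items():
            yield f"{path}.{key} (key)", key
            yield from iter_strings(value, f"{path}.{key}")
    elif isinstance(node, list):
        for i, value in enumerate(node):
            yield from iter_strings(value, f"{path}[{i}]")
    elif isinstance(node, str):
        yield path, node

def flag_request(url_path, body):
    """Return [(location, text)] for strings containing MARKER; [] if clean."""
    # Ignore any query string and trailing slash when comparing the path.
    if url_path.split("?", 1)[0].rstrip("/") != ENDPOINT:
        return []
    try:
        doc = json.loads(body)
    except (TypeError, ValueError):
        # Body is not valid JSON: fall back to a raw substring check.
        return [("<raw body>", body)] if MARKER in (body or "") else []
    # Match on decoded strings so JSON escapes such as \u0024 are normalized.
    return [(loc, text) for loc, text in iter_strings(doc) if MARKER in text]

# Constructed sample records (request path, request body); not real traffic.
SAMPLES = [
    ("/center/api/installation/detection", '{"field": "value"}'),
    ("/center/api/installation/detection",
     '{"field": {"nested": ["ok", "$(CONSTRUCTED)"]}}'),
    ("/center/api/installation/detection?x=1",
     '{"field": "\\u0024(CONSTRUCTED)"}'),
    ("/center/api/other", '{"field": "$(CONSTRUCTED)"}'),
    ("/center/api/installation/detection", "not json $(CONSTRUCTED)"),
]

if __name__ == "__main__":
    for url_path, body in SAMPLES:
        print(url_path, "->", flag_request(url_path, body) or "clean")
```

Matching is done after JSON decoding, so the check sees the same string values the application would; a hit is a reason to inspect the host, not proof of compromise.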

Exploit

Fix

OS Command Injection

Weakness Enumeration

Related Identifiers

CVE-2024-58274

Affected Products

Hikvision Isecure Center