H.VIEW HV-500S6 IP Camera

HIGH

CVSS 7.2

Date 2026-06-25T06:00:00+00:00

Source cisa-csaf

Published by CISA

// Description

Successful exploitation of these vulnerabilities could allow an attacker to execute arbitrary code and upload malicious files to the affected device.

// Vulnerabilities (2)

CVE ID	CVSS Score	Severity	Description
CVE-2026-56414	7.2	high	A vulnerability exists in H.View IP cameras certificate-related upload interfaces allow authenticated users to store arbitrary file content to fixed, persistent filesystem locations without validating file type, structure, or size. This design omission enables the placement of unexpected or malformed data in locations intended for trusted certificate material, which could affect system integrity or behavior even after reboot.
CVE-2026-55975	7.2	high	A vulnerability exists in H.View IP cameras that could allow an authenticated user to supply unsanitized XML fields to the device's certificate generation interface, which are incorporated into a backend certificate creation command without proper input validation. This may allow for command execution with elevated privileges during certificate generation.

// Remediations (1)

Mitigation: H.View did not respond to CISA's request to coordinate. Users are encouraged to reach out to H.View

H.View did not respond to CISA's request to coordinate. Users are encouraged to reach out to H.View for support. https://hviewsmart.com/pages/contact-us

H.VIEW HV-500S6 IP Camera

// Description

// Vulnerabilities (2)

// Remediations (1)

// References