CVE Catalog

CVE-2026-55975

HighCVSS 7.2
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.65%

47th percentile — higher than 47% of all known CVEs

Summary

A vulnerability in H.View IP cameras allows an authenticated user to inject unsanitized XML data into the certificate generation interface. This data is incorporated into a backend certificate creation command without proper validation, potentially leading to code execution with elevated privileges.

Risk Assessment

The risk involves potential takeover of the camera by an authenticated attacker, which could compromise the confidentiality and integrity of the monitored environment and enable further attacks on other network systems.

Recommendation

Immediately update the H.View camera firmware to the latest version provided by the vendor and restrict management interface access to trusted users only.

Original NVD description (English source)

A vulnerability exists in H.View IP cameras that could allow an authenticated user to supply unsanitized XML fields to the device's certificate generation interface, which are incorporated into a backend certificate creation command without proper input validation. This may allow for command execution with elevated privileges during certificate generation.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS