CVE-2026-55975
HighCVSS 7.2Exploitation Probability (EPSS)
Low risk47th percentile — higher than 47% of all known CVEs
Summary
A vulnerability in H.View IP cameras allows an authenticated user to inject unsanitized XML data into the certificate generation interface. This data is incorporated into a backend certificate creation command without proper validation, potentially leading to code execution with elevated privileges.
Risk Assessment
The risk involves potential takeover of the camera by an authenticated attacker, which could compromise the confidentiality and integrity of the monitored environment and enable further attacks on other network systems.
Recommendation
Immediately update the H.View camera firmware to the latest version provided by the vendor and restrict management interface access to trusted users only.
Original NVD description (English source)
A vulnerability exists in H.View IP cameras that could allow an authenticated user to supply unsanitized XML fields to the device's certificate generation interface, which are incorporated into a backend certificate creation command without proper input validation. This may allow for command execution with elevated privileges during certificate generation.

