CVE Catalog

CVE-2026-56414

HighCVSS 7.2
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.40%

32th percentile — higher than 32% of all known CVEs

Summary

A vulnerability in H.View IP cameras allows authenticated users to upload arbitrary files to fixed filesystem locations without validating file type, structure, or size. This can place unexpected or malformed data in trusted certificate storage areas, affecting system integrity even after reboot.

Risk Assessment

The organization faces integrity compromise of camera systems, potentially allowing attackers to replace certificates or inject malicious data, leading to unauthorized access or disruption of surveillance operations.

Recommendation

Immediately update H.View camera firmware to the latest version and implement file type and size validation. Additionally, restrict user permissions to the minimum necessary.

Original NVD description (English source)

A vulnerability exists in H.View IP cameras certificate-related upload interfaces allow authenticated users to store arbitrary file content to fixed, persistent filesystem locations without validating file type, structure, or size. This design omission enables the placement of unexpected or malformed data in locations intended for trusted certificate material, which could affect system integrity or behavior even after reboot.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS