CVE-2024-58274
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-10-22

Last updated on: 2025-10-22

Assigner: MITRE

Description
Hikvision CSMP (Comprehensive Security Management Platform) iSecure Center through 2024-08-01 allows execution of a command within $( ) in /center/api/installation/detection JSON data, as exploited in the wild in 2024 and 2025.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-10-22
Last Modified
2025-10-22
Generated
2026-06-16
AI Q&A
2025-10-22
EPSS Evaluated
2026-06-15
NVD
CVE-2024-58274
EUVD
EUVD-2024-55040
Affected Vendors & Products
Showing 3 associated CPEs
Vendor Product Version / Range
hikvision hik-icd-external-tool *
hikvision secure_management_platform *
hikvision hik-icd-installmanager 1.3.0-snapshot
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-78 The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2024-58274 is a remote command execution (RCE) vulnerability in Hikvision's Comprehensive Security Management Platform (CSMP) iSecure Center. It occurs due to improper handling and sanitization of user input in the installation component, specifically in the 'agentNo' parameter and related classes. This allows an attacker to inject shell commands within JSON data sent to the /center/api/installation/detection endpoint, enabling execution of arbitrary commands on the server. An example exploit involves injecting a command to write a JSP web shell to the server, which can then be accessed remotely to execute further commands. [3]

Impact Analysis

This vulnerability can allow an attacker to execute arbitrary commands on the affected Hikvision CSMP server without authentication. This can lead to unauthorized control over the system, including deploying web shells for persistent access, data theft, system compromise, and disruption of services. The impact includes loss of confidentiality, integrity, and availability of the system and its data. [3]

Detection Guidance

This vulnerability can be detected by sending a crafted POST request to the /center/api/installation/detection endpoint with JSON data that includes shell command injection in the machines.id field. For example, testing for command injection by injecting a payload that attempts to write a JSP web shell file (e.g., 123.jsp) to the server's web directory can confirm the vulnerability. Using tools like nuclei with the provided YAML template for Hikvision CSMP installation RCE detection can automate this process. [1, 3]

Mitigation Strategies

Immediate mitigation steps include applying the official patch released by Hikvision that replaces the vulnerable command execution function with a safer implementation (executeCommandReceiveResultWithFileNoShell) which prevents shell command injection. Until the patch is applied, restrict access to the /center/api/installation/detection endpoint, monitor for suspicious POST requests attempting command injection, and consider network-level controls to limit exposure. [3]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2024-58274. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart