CVE-2026-22626
Unknown
Unknown - Not Provided
Improper Input Validation in HIKSEMI NAS Causes Device Disruption
Publication date: 2026-01-30
Last updated on: 2026-02-27
Assigner: Hangzhou Hikvision Digital Technology Co., Ltd.
Description
Description
Due to insufficient input parameter validation on the interface, authenticated users of certain HIKSEMI NAS products can cause abnormal device behavior by crafting specific messages.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| hiksemi | nas | * |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-233 | The product does not properly handle when the expected number of parameters, fields, or arguments is not provided in input, or if those parameters are undefined. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability occurs because certain HIKSEMI NAS products do not properly validate input parameters on their interface. Authenticated users can exploit this by sending specially crafted messages that cause the device to behave abnormally.
How can this vulnerability impact me? :
The vulnerability can cause abnormal device behavior, which may lead to denial of service or disruption of normal operations on the affected HIKSEMI NAS devices.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70