CVE-2026-32683
Received Received - Intake
EZVIZ Cloud API Data Transmission Risk via Legacy Interfaces

Publication date: 2026-05-09

Last updated on: 2026-05-09

Assigner: Hangzhou Hikvision Digital Technology Co., Ltd.

Description
Some EZVIZ products utilize older versions of cloud feature modules with legacy API interfaces, which pose a data transmission risk. Attackers can exploit this by eavesdropping on network requests to obtain data.Users are advised to upgrade the app to the latest version and enable the video encryption feature.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-09
Last Modified
2026-05-09
Generated
2026-06-19
AI Q&A
2026-05-09
EPSS Evaluated
2026-06-18
NVD
CVE-2026-32683
EUVD
EUVD-2026-28907
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
ezviz ezviz_app to 7.3.0.0210 (exc)
ezviz ezviz_app to 7.3.1 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Compliance Impact

The vulnerability involves older versions of cloud feature modules with legacy API interfaces that allow attackers to eavesdrop on network requests and obtain sensitive data.

Such unauthorized data exposure could potentially impact compliance with data protection regulations like GDPR and HIPAA, which require safeguarding personal and sensitive information during transmission.

Users are advised to upgrade to the latest app version and enable video encryption to mitigate the risk and better protect data privacy.

Executive Summary

This vulnerability affects some EZVIZ products that use older versions of cloud feature modules with legacy API interfaces. These outdated modules pose a risk during data transmission because attackers can exploit them by eavesdropping on network requests to obtain sensitive data.

Impact Analysis

The vulnerability allows attackers to intercept and eavesdrop on network communications between the EZVIZ app and cloud services, potentially exposing sensitive user data. This can lead to unauthorized access to personal information transmitted through the app.

Mitigation Strategies

To mitigate this vulnerability, users should upgrade the EZVIZ app to the latest version available.

  • Upgrade the EZVIZ app for iOS to version 7.3.1 or later.
  • Upgrade the EZVIZ app for Android to version 7.3.0.0210 or later.
  • Enable the video encryption feature within the app to protect data transmission.
Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-32683. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart