CVE-2026-32683

MEDIUM

5.3

Description

Some EZVIZ products utilize older versions of cloud feature modules with legacy API interfaces, which pose a data transmission risk. Attackers can exploit this by eavesdropping on network requests to obtain data.Users are advised to upgrade the app to the latest version and enable the video encryption feature.

CVE Details

CVSS v3.1 Score5.3

SeverityMEDIUM

CVSS VectorCVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack VectorADJACENT_NETWORK

ComplexityHIGH

Privileges RequiredNONE

User InteractionNONE

Published5/9/2026

Last Modified5/12/2026

Sourcenvd

Honeypot Sightings0

Weaknesses (CWE)

CWE-319

References

https://www.ezviz.com/inter/trust-center/security/security-notice/2026.05.08(hsrc@hikvision.com)

https://www.hikvision.com/en/support/cybersecurity/security-advisory/security-vulnerability-in-cloud-function-modules-of-some-hikvisi/(hsrc@hikvision.com)

IOC Correlations

No correlations recorded

This product uses data from the NVD API but is not endorsed or certified by the NVD.