CVE-2026-32683

Some EZVIZ products utilize older versions of cloud feature modules with legacy API interfaces, which pose a data transmission risk. Attackers can exploit this by eavesdropping on network requests to obtain data.Users are advised to upgrade the app to the latest version and enable the video encryption feature.

CVSS v3 5.3 MEDIUM

5.3^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.6 / Impact : 3.6

Attack Vector ADJACENT_NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://www.ezviz.com/inter/trust-center/security/security-notice/2026.05.08
https://www.hikvision.com/en/support/cybersecurity/security-advisory/security-vulnerability-in-cloud-function-modules-of-some-hikvisi/

Configurations

No configuration.

History

12 May 2026, 23:16

Type	Values Removed	Values Added
CWE		CWE-319

09 May 2026, 09:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-05-09 09:16

Updated : 2026-05-12 23:16

NVD link : CVE-2026-32683

Mitre link : CVE-2026-32683

CVE.ORG link : CVE-2026-32683

JSON object : View

Products Affected

No product.

CWE

CWE-319

Cleartext Transmission of Sensitive Information

5.3 /10