Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

HS-AFS-S1H1

Source -

CNA

CNA CVEs -

4

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

0
Related CVEsRelated VendorsRelated AssignersReports
4Vulnerabilities found
CVE-2026-22626
Assigner-Hangzhou Hikvision Digital Technology Co., Ltd.
ShareView Details
Assigner-Hangzhou Hikvision Digital Technology Co., Ltd.
CVSS Score-4.9||MEDIUM
EPSS-0.02% / 3.16%
||
7 Day CHG~0.00%
Published-30 Jan, 2026 | 11:03
Updated-27 Feb, 2026 | 15:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Due to insufficient input parameter validation on the interface, authenticated users of certain HIKSEMI NAS products can cause abnormal device behavior by crafting specific messages.

Action-Not Available
Vendor-HIKSEMI
Product-HS-AFS-S1H1
CWE ID-CWE-233
Improper Handling of Parameters
CVE-2026-22625
Assigner-Hangzhou Hikvision Digital Technology Co., Ltd.
ShareView Details
Assigner-Hangzhou Hikvision Digital Technology Co., Ltd.
CVSS Score-4.6||MEDIUM
EPSS-0.01% / 0.57%
||
7 Day CHG~0.00%
Published-30 Jan, 2026 | 11:03
Updated-27 Feb, 2026 | 15:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper handling of filenames in certain HIKSEMI NAS products may lead to the exposure of sensitive system files.

Action-Not Available
Vendor-HIKSEMI
Product-HS-AFS-S1H1
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2026-22624
Assigner-Hangzhou Hikvision Digital Technology Co., Ltd.
ShareView Details
Assigner-Hangzhou Hikvision Digital Technology Co., Ltd.
CVSS Score-4.3||MEDIUM
EPSS-0.01% / 1.06%
||
7 Day CHG~0.00%
Published-30 Jan, 2026 | 11:03
Updated-27 Feb, 2026 | 15:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Due to inadequate access control, authenticated users of certain HIKSEMI NAS products can manipulate other users' file resources without proper authorization.

Action-Not Available
Vendor-HIKSEMI
Product-HS-AFS-S1H1
CWE ID-CWE-863
Incorrect Authorization
CVE-2026-22623
Assigner-Hangzhou Hikvision Digital Technology Co., Ltd.
ShareView Details
Assigner-Hangzhou Hikvision Digital Technology Co., Ltd.
CVSS Score-7.2||HIGH
EPSS-0.02% / 6.01%
||
7 Day CHG~0.00%
Published-30 Jan, 2026 | 11:02
Updated-27 Feb, 2026 | 15:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Due to insufficient input parameter validation on the interface, authenticated users of certain HIKSEMI NAS products can execute arbitrary commands on the device by crafting specific messages.

Action-Not Available
Vendor-HIKSEMI
Product-HS-AFS-S1H1
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')