tip EZVIZ no longer supports Internet Explorer or earlier versions, and the site may not behave as expected. Please upgrade to a newer browser.
Choose a country or region to see content specific to your location and needs. You will be redirected to your local site.
Continue OK
See Options
Please select a store×

Quick Links

News
  • 2026-02-28

    • Notice about Vulnerability in EZVIZ NAS products

  • Notice Released By: EZVIZ Security Team

    Initial Release Date: 2026/02/28

     

    Vulnerability & Affected Versions:

    Some EZVIZ NAS products contain security vulnerabilities.

    Vulnerability Details:

    (1) CVE-2026-22623

    Due to insufficient input validation on certain interfaces, authenticated users could execute arbitrary commands on the device by crafting specific packets.

    (2) CVE-2026-22624

    Due to inadequate access control, authenticated users could unauthorizedly manipulate other users' file resources.

    (3) CVE-2026-22625

    Due to improper filename handling, sensitive system files could potentially be exposed.

    (4) CVE-2026-22626

    Due to insufficient input validation on certain interfaces, authenticated users could cause device malfunction by crafting specific packets.

     

    Vulnerability IDs:

    CVE-2026-22623

    CVE-2026-22624

    CVE-2026-22625

    CVE-2026-22626

     

    Scoring:

    These vulnerabilities are rated using the CVSS v3.1 standard (http://www.first.org/cvss/specification-document).

    CVE-2026-22623

    Base Score: 7.2 (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)

    CVE-2026-22624

    Base Score: 4.3 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)

    CVE-2026-22625

    Base Score: 4.6 (CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)

    CVE-2026-22626

    Base Score: 4.9 (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)

     

    Affected Versions and Fixed Versions:

    Affected Models

    Affected Versions

    Fixed Versions

    CS-R5C-R100-8F

    V5.7.0_Build_240807 and below

    V5.7.4 build 260119

     

    Fix Progress:

    The reported vulnerability has been fully identified and patched into the latest EZVIZ firmware, which has been released to the affected users for firmware update via the EZVIZ App.

     

    Completing Device Firmware Upgrade:

    For users with an affected device, they can complete the firmware upgrade via their EZVIZ App on the specific device page to mitigate the vulnerability. Users should have received an upgrade notification and are able to follow the instruction on the update page to complete the upgrade properly.

     

    Source of Vulnerability Information:

    These vulnerabilities were discovered by Jincheng Wang (@winmt) from Nanjing University of Posts and Telecommunications, who reported them to the EZVIZ Security Team.

     

    Contact Us:

    If you believe you have discovered a security vulnerability, please report it to EZVIZ at security@ezviz.com, or join our bounty program on YesWeHack. Our security team will be in touch if we need more information.

     

    EZVIZ would like to thank all security researchers and professionals who help test, identify and mitigate potential vulnerabilities in EZVIZ products, ensuring that we continue to respectfully protect people and homes, while securing devices and data.


  • For media inquiries, please contact: media@ezviz.com

We have updated our Terms of Service, CloudPlay Paid Subscription Terms and Privacy Policy. Please read them carefully.

We provide you with customized service and safe user experience with Cookie. Login and browse our website indicates that you permitted us getting information in/out the website with Cookie. Please visit Use of Cookies