CVE-2024-58274: CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in Hikvision CSMP iSecure Center
Hikvision CSMP (Comprehensive Security Management Platform) iSecure Center through 2024-08-01 allows execution of a command within $( ) in /center/api/installation/detection JSON data, as exploited in the wild in 2024 and 2025.
AI Analysis
Technical Summary
CVE-2024-58274 is an OS command injection vulnerability classified under CWE-78 affecting Hikvision's CSMP iSecure Center. The vulnerability exists because the application improperly neutralizes special elements used in OS commands, specifically allowing execution of commands embedded within $( ) syntax in JSON data submitted to the /center/api/installation/detection endpoint. This flaw enables an unauthenticated remote attacker to inject and execute arbitrary OS commands on the underlying server. The vulnerability is exploitable over the network without requiring any privileges or user interaction, making it highly accessible to attackers. The CVSS v3.1 base score of 8.3 reflects the high impact on confidentiality, integrity, and availability, as successful exploitation could lead to data leakage, system manipulation, or denial of service. Although no public exploits have been reported yet, the vulnerability is known to be exploited in the wild in 2024 and 2025, indicating active threat actor interest. The affected product, Hikvision CSMP iSecure Center, is a comprehensive security management platform widely used for managing video surveillance and security devices, making this vulnerability particularly critical for organizations relying on Hikvision infrastructure. The lack of available patches at the time of disclosure increases the urgency for organizations to implement compensating controls and monitor for suspicious activity targeting this endpoint.
Potential Impact
For European organizations, exploitation of CVE-2024-58274 could result in unauthorized remote code execution on critical security management infrastructure, potentially leading to full system compromise. This can disrupt security monitoring and control functions, degrade the integrity of surveillance data, and expose sensitive information. The attack could facilitate lateral movement within networks, enabling attackers to pivot to other critical systems. Given the widespread use of Hikvision products in public safety, transportation, and government sectors across Europe, the impact could extend to national security and public safety operations. Additionally, the breach of such systems could undermine trust in security services and result in regulatory penalties under GDPR if personal data is compromised. The high severity and ease of exploitation without authentication make this vulnerability a significant risk for organizations that have not yet applied mitigations or patches.
Mitigation Recommendations
1. Immediately restrict network access to the /center/api/installation/detection endpoint using firewalls or network segmentation to limit exposure to untrusted networks.
2. Implement strict input validation and sanitization on all JSON data received by the CSMP iSecure Center, particularly disallowing or escaping special characters such as $( ) that can be used for command injection.
3. Monitor logs and network traffic for unusual or suspicious requests targeting the vulnerable endpoint, including unexpected command patterns or payloads.
4. Deploy intrusion detection/prevention systems (IDS/IPS) with signatures or heuristics designed to detect OS command injection attempts against Hikvision products.
5. Coordinate with Hikvision for timely updates or patches and apply them as soon as they become available.
6. Conduct security audits and penetration testing focused on the CSMP iSecure Center to identify any other potential injection points or weaknesses.
7. Educate security teams about this vulnerability and ensure incident response plans include procedures for handling exploitation attempts.
8. Consider isolating the CSMP iSecure Center on a dedicated management network with minimal access to reduce attack surface.
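Recommendation 3 as an added example (not code from this page or from Hikvision): a log scan that flags requests to /center/api/installation/detection whose JSON data carries the `$(` marker. The JSON-lines log layout (`src`, `path`, `body`), the `field` key and the backtick marker are assumptions, and the sample records are constructed.

```python
import json
ENDPOINT = "/center/api/installation/detection"  # path named in the advisory
MARKERS = ("$(", "`")  # "$(" is from the advisory; backtick is an added assumption

def string_values(node):
    """Yield every string (keys included) found inside a decoded JSON value."""
    if isinstance(node, str):
        yield node
    elif isinstance(node, dict):
        yield from string_values(list(node) + list(node.values()))
    elif isinstance(node, list):
        for item in node:
            yield from string_values(item)

def suspicious(record):
    """Return a reason string if the logged request warrants triage, else None."""
    if record.get("path", "").split("?", 1)[0].rstrip("/") != ENDPOINT:
        return None
    body = record.get("body", "")
    try:  # decode first so JSON escapes are normalised before matching
        values = list(string_values(json.loads(body)))
    except (ValueError, TypeError):
        values = [body if isinstance(body, str) else ""]  # malformed JSON: raw scan
    for marker in MARKERS:
        if any(marker in value for value in values):
            return f"shell substitution marker {marker!r} in request data"
    return None

def scan(lines):
    """Scan JSON-lines request logs; return (source, reason) pairs for hits."""
    hits = []
    for line in lines:
        try:
            record = json.loads(line)
        except ValueError:
            continue  # not a log record in the assumed layout
        reason = suspicious(record) if isinstance(record, dict) else None
        if reason:
            hits.append((record.get("src", "?"), reason))
    return hits

def _line(src, path, body):  # helper that builds one constructed log record
    return json.dumps({"src": src, "path": path, "body": json.dumps(body)})
# Constructed sample log (hypothetical layout and field names, documentation IPs)
SAMPLE_LOG = [_line("203.0.113.7", ENDPOINT, {"field": "$(placeholder)"}),
              _line("198.51.100.4", ENDPOINT, {"field": {"nested": ["ok", "`placeholder`"]}}),
              _line("192.0.2.10", ENDPOINT, {"field": "plain value"}),
              _line("192.0.2.11", "/center/api/other", {"field": "$(placeholder)"})]
if __name__ == "__main__":
    print(*scan(SAMPLE_LOG), sep="\n")
```

A hit is a triage lead rather than proof of compromise; correlate it with process and outbound-connection telemetry from the CSMP host.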
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Poland, Belgium, Sweden, Austria
Technical Details
- Data Version: 5.1
- Assigner Short Name: mitre
- Date Reserved: 2025-10-22T00:00:00.000Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 68f856df8c4621f9a336a1fa
Added to database: 10/22/2025, 4:00:31 AM
Last enriched: 10/29/2025, 4:42:41 AM
Last updated: 12/5/2025, 6:07:36 AM