CVE-2024-58274 is an OS command injection vulnerability classified under CWE-78, found in Hikvision's CSMP iSecure Center product. The flaw exists in the handling of JSON data submitted to the /center/api/installation/detection endpoint, where user-supplied input within the $( ) syntax is improperly neutralized, allowing execution of arbitrary operating system commands. This vulnerability does not require authentication or user interaction, making it remotely exploitable over the network. The vulnerability affects all versions up to the publication date and has a CVSS 3.1 base score of 8.3, reflecting its high severity. The scope is 'changed' indicating that exploitation can affect resources beyond the vulnerable component, potentially compromising the entire system. Successful exploitation can lead to unauthorized disclosure of information, modification of data, and disruption of service. Although no public exploit code has been released yet, reports indicate exploitation attempts in 2024 and 2025, highlighting active threat actor interest. The vulnerability poses a significant risk to organizations relying on Hikvision CSMP iSecure Center for security management, as attackers could leverage this flaw to gain persistent control over security infrastructure components.

For European organizations, the impact of CVE-2024-58274 is substantial. Hikvision products are widely used in physical security, surveillance, and critical infrastructure management across Europe. Exploitation could lead to unauthorized access to sensitive security management systems, enabling attackers to manipulate surveillance data, disable security controls, or pivot to other internal systems. This compromises confidentiality, integrity, and availability of security operations, potentially causing operational disruptions and data breaches. Critical sectors such as transportation, government facilities, energy, and large enterprises using Hikvision CSMP iSecure Center are particularly vulnerable. The ability to execute OS commands remotely without authentication increases the risk of rapid, automated attacks and lateral movement within networks. This could undermine trust in security infrastructure and lead to regulatory and compliance repercussions under GDPR and other European cybersecurity frameworks.

Immediate mitigation steps include: 1) Monitoring Hikvision’s official channels for patches or updates addressing CVE-2024-58274 and applying them promptly once available. 2) Restricting network access to the /center/api/installation/detection endpoint by implementing network segmentation and firewall rules to limit exposure only to trusted management networks. 3) Deploying Web Application Firewalls (WAFs) with custom rules to detect and block suspicious payloads containing command injection patterns such as $( ). 4) Conducting thorough input validation and sanitization on all data submitted to the API, if possible via configuration or custom security controls. 5) Auditing and monitoring logs for unusual command execution attempts or anomalies related to the vulnerable endpoint. 6) Considering temporary disabling or isolating the vulnerable API endpoint if patching is delayed. 7) Educating security teams about the threat to ensure rapid detection and response to potential exploitation attempts. These measures should be integrated into broader security hygiene practices to reduce attack surface and improve resilience.