HomeIntelligenceBrief
VULNERABILITY BRIEF🔴 Critical Vulnerability

Critical Unauthenticated Password Reset in KMW CCTV Security Cameras (CVE‑2026‑5386) Enables Full Camera Takeover

KMW’s IP‑based CCTV cameras suffer a critical unauthenticated password‑reset flaw (CVE‑2026‑5386) that lets attackers reset the admin password and seize live video feeds. The issue affects the KM‑IP521 and KM‑IP421 models deployed worldwide across commercial, government, and critical‑infrastructure sites, creating a high‑impact supply‑chain risk for third‑party risk managers.

LiveThreat™ Intelligence · 📅 May 28, 2026· 📰 cisa.gov
🔴
Severity
Critical
VU
Type
Vulnerability
🎯
Confidence
High
🏢
Affected
5 sector(s)
Actions
5 recommended
📰
Source
cisa.gov

Critical Unauthenticated Password Reset in KMW CCTV Security Cameras (CVE‑2026‑5386) Enables Full Camera Takeover

What It Is – KMW’s IP‑based CCTV cameras contain a critical unauthenticated password‑reset flaw (CVE‑2026‑5386). An attacker can remotely reset the administrator password to a known value, gaining unrestricted access to live video streams and device settings.

Exploitability – The vulnerability is publicly disclosed, has a CVSS v3 base score of 9.1 (Critical), and can be exploited without any credentials. No public PoC has been released, but the attack surface is trivial (exposed HTTP/HTTPS endpoints).

Affected Products

  • KM‑IP521 – firmware IPCAM_V4.04.91.230307
  • KM‑IP421 – firmware IPCAM_V4.04.53.210416

Both models are listed as known_affected by the vendor.

TPRM Impact

  • Unauthorized viewing of surveillance footage can expose proprietary processes, personal data, and physical security controls across multiple sectors.
  • Attackers can alter camera configurations, disable alerts, or embed malicious firmware, creating a foothold for broader supply‑chain compromise.

Recommended Actions

  • Deploy KMW’s firmware update (available at https://main.kmw.ro/pub/Firmware/521_421.zip) immediately on all affected devices.
  • After updating, enforce a unique, strong administrator password and disable default credentials.
  • Segregate CCTV networks from corporate IT and enforce strict firewall rules (allow only required management IPs).
  • Enable continuous monitoring of camera logs for anomalous login or configuration changes.
  • Validate that any third‑party cloud integration is re‑authenticated post‑patch.

Source: CISA Advisory – ICSA‑26‑148‑06

📰 Original Source
https://www.cisa.gov/news-events/ics-advisories/icsa-26-148-06

This LiveThreat Intelligence Brief is an independent analysis. Read the original reporting at the link above.

From the Verisq platform · Trust Operations

Every gap like this maps to a control you can evidence.

The Verisq AI Trust Operations platform maps incidents to your control framework and collects the evidence continuously — so your Trust Center shows proof, not promises, when a buyer or auditor asks.

Explore the Verisq AI Trust Operations platform →