KMW CCTV Security Cameras
Summary
CISA has issued an alert regarding a critical vulnerability in KMW CCTV Security Cameras, specifically versions KM-IP521 IPCAM_V4.04.91.230307 and KM-IP421 IPCAM_V4.04.53.210416. The vulnerability, CVE-2026-5386, allows unauthenticated remote password resets, giving attackers full control over camera feeds and settings. KMW has released a firmware update that addresses the flaw, and recommends network segmentation and regular updates as mitigations.
IFF Assessment
This vulnerability allows unauthorized access to sensitive camera feeds and settings, posing a significant risk to organizations.
Severity
The CVSS score of 9.1 reflects the critical severity of an unauthenticated remote password reset, which allows an attacker to gain full unauthorized access to camera feeds and settings.
Defender Context
This alert highlights the need for defenders to update KMW CCTV cameras promptly, because the unauthenticated password reset vulnerability grants attackers complete control. Organizations should also place surveillance equipment on a segmented network and check regularly for firmware updates to prevent similar exploits on IoT devices.