A significant security vulnerability has been identified in KMW CCTV security cameras, potentially enabling attackers to gain unauthorized access to live camera feeds and device settings.
Understanding the Vulnerability
Designated as CVE-2026-5386, this flaw has been given a high CVSS v3 score of 9.1, underscoring its potential adverse effects on organizations that depend on these surveillance systems. The core issue is an ‘unverified password change’ weakness that allows remote attackers to alter authentication credentials without appropriate validation.
Exploitation of this vulnerability grants threat actors the ability to control the camera, view live video streams, modify configurations, or even disable surveillance operations, posing substantial risks in sensitive areas where security cameras are vital for monitoring.
Scope and Impact
This security flaw affects specific KMW CCTV models, notably the KM-IP521 with firmware IPCAM_V4.04.91.230307 and KM-IP421 with firmware IPCAM_V4.04.53.210416. These devices are installed worldwide across various critical infrastructure sectors, such as commercial facilities, government institutions, financial services, transportation systems, and manufacturing environments.
Because these devices are so widely deployed, exploitation of this vulnerability could result in significant consequences, including surveillance evasion, espionage, and operational disruptions. Although no active exploitation has been reported, the vulnerability’s severity makes it an attractive target for cybercriminals, particularly those targeting IoT and industrial systems.
Technical Details and Mitigation
From a technical standpoint, the flaw enables attackers to bypass authentication controls by sending crafted requests that allow password changes without verifying the requester’s identity. An attacker on the same network, or one who can reach devices exposed to the internet, could issue unauthorized commands to reset credentials and gain full administrative access swiftly.
Security researcher Souvik Kandar identified and reported the flaw to CISA. The exploit does not require advanced skills, making it especially dangerous in environments with insufficient security measures. According to a CISA advisory (ICSA-26-148-06), organizations should reduce exposure by keeping devices off the public internet, using firewalls, or placing them on isolated networks.
Remote access should be restricted to secure channels, such as updated VPNs, with a focus on ensuring all connected systems adhere to strict security protocols. Regular risk assessments and impact analyses are recommended before any system changes.
Organizations are encouraged to monitor for unusual activities, follow incident response procedures, and report any anomalies to relevant authorities for threat tracking. Implementing defense-in-depth strategies and adhering to ICS cybersecurity guidelines can significantly mitigate the risk of exploitation.
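As an added example (not part of the original article or the CISA advisory), the following Python script triages a camera inventory against the two model and firmware pairs named above and flags devices that sit on internet-routable addresses. The CSV column layout, device names, addresses and the `verify-firmware` label are assumptions made for illustration.

```python
import csv
import io
import ipaddress

# Model -> firmware pairs named on this page as affected by CVE-2026-5386.
AFFECTED = {
    "KM-IP521": "IPCAM_V4.04.91.230307",
    "KM-IP421": "IPCAM_V4.04.53.210416",
}

# Constructed sample inventory (hypothetical columns, names and addresses).
# 8.8.4.4 is only a stand-in for "some globally routable address".
SAMPLE_INVENTORY = """\
name,model,firmware,ip
lobby-cam,KM-IP521,IPCAM_V4.04.91.230307,10.20.0.15
dock-cam,km-ip421,IPCAM_V4.04.53.210416,8.8.4.4
yard-cam,KM-IP421,IPCAM_V4.04.60.220101,192.168.5.9
door-cam,OTHER-100,FW_1.0,10.20.0.16
"""


def triage(inventory_csv):
    """Return one finding dict per camera whose model is named in the advisory."""
    findings = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        model = row["model"].strip().upper()
        if model not in AFFECTED:
            continue  # model is not named on this page
        firmware = row["firmware"].strip()
        # The exact pair from the page is "affected"; any other firmware on a
        # named model is unknown here and has to be checked with the vendor.
        status = "affected" if firmware == AFFECTED[model] else "verify-firmware"
        # A globally routable address suggests the device may be reachable
        # from the internet, which the mitigation guidance says to avoid.
        exposed = ipaddress.ip_address(row["ip"].strip()).is_global
        findings.append({"name": row["name"], "model": model,
                         "status": status, "internet_routable": exposed})
    # Internet-routable devices first, then confirmed-affected firmware.
    findings.sort(key=lambda f: (not f["internet_routable"],
                                 f["status"] != "affected"))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_INVENTORY):
        print(finding)
```

An address that is not globally routable does not prove the camera is unreachable from outside (port forwarding and NAT rules can still expose it), so the flag is a prioritization aid rather than a substitute for checking firewall rules.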
This vulnerability highlights the urgent need for stronger security measures in IoT-based camera systems as cyberattacks increasingly target surveillance infrastructure.
