Critical Flaw in KMW CCTV Cameras Allows Unauthorized Access; High-Risk Vulnerability Affects Key Infrastructure Sectors

Critical Vulnerability in KMW CCTV Cameras Exposes Organizations to Unauthorized Access

A significant security flaw has been identified in KMW CCTV security cameras, potentially allowing attackers to gain full, unauthorized access to live camera feeds and device settings. This vulnerability, designated as CVE-2026-5386, carries a high Common Vulnerability Scoring System (CVSS) v3 score of 9.1, underscoring its severity and the substantial risk it poses to organizations utilizing these surveillance systems.

Nature of the Vulnerability

The core issue arises from an unverified password change weakness present in certain KMW CCTV models. This flaw enables remote attackers to modify authentication credentials without proper validation. By exploiting this vulnerability, malicious actors can assume control over the camera, access real-time video streams, alter configurations, or even disable surveillance operations entirely. Such capabilities present significant security risks, especially in environments where continuous monitoring is crucial for safety and operational integrity.

Affected Devices and Deployment

The vulnerability specifically impacts the following KMW CCTV models:

– KM-IP521 running firmware IPCAM_V4.04.91.230307

– KM-IP421 with firmware IPCAM_V4.04.53.210416

These devices are widely deployed across various critical infrastructure sectors, including commercial facilities, government institutions, financial services, transportation systems, and manufacturing environments. Given their extensive use, the potential for exploitation could lead to severe consequences, such as surveillance bypass, industrial espionage, and operational disruptions.

Potential Impact and Exploitation

While there have been no confirmed reports of active exploitation in the wild, the severity of this vulnerability makes it a prime target for threat actors, particularly those focusing on Internet of Things (IoT) and industrial control system weaknesses. The technical nature of the flaw allows attackers to bypass authentication controls by sending crafted requests that trigger password changes without verifying the requester’s identity.

For instance, an attacker on the same network as the vulnerable device, or one who can reach a device that has been exposed to the internet, could issue unauthorized commands to reset credentials and gain administrative access within seconds. This type of attack does not require advanced skills, making it particularly dangerous in poorly secured environments.

Discovery and Reporting

Security researcher Souvik Kandar has been credited with discovering and reporting this critical flaw to the Cybersecurity and Infrastructure Security Agency (CISA). In response, CISA has issued an advisory (ICSA-26-148-06) recommending that organizations take immediate action to mitigate the risk associated with this vulnerability.

Recommended Mitigation Strategies

To protect against potential exploitation, organizations are advised to implement the following measures:

1. Network Isolation: Keep devices off the public internet and place them behind firewalls or within isolated networks to reduce exposure.

2. Secure Remote Access: Enable remote access only through secure channels, such as updated Virtual Private Networks (VPNs), to ensure that connections are encrypted and authenticated.

3. Strict Security Practices: Ensure that all connected systems adhere to strict security protocols, including regular updates and patches, to minimize vulnerabilities.

4. Regular Risk Assessments: Conduct periodic risk assessments and impact analyses before implementing changes to the surveillance infrastructure.

5. Monitoring and Incident Response: Continuously monitor for suspicious activity and have incident response procedures in place to address anomalies promptly.

6. Defense-in-Depth Strategies: Implement multiple layers of security controls to protect against various attack vectors, thereby enhancing the overall security posture.
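
One way to apply the affected-device list and the network isolation measure above to an asset inventory, as an added example that is not code from CISA or the vendor. The CSV column names, the internal address ranges, and every sample row are assumptions constructed for illustration.

```python
import csv
import io
import ipaddress

# Affected model/firmware pairs exactly as listed in this article.
AFFECTED = {
    ("KM-IP521", "IPCAM_V4.04.91.230307"),
    ("KM-IP421", "IPCAM_V4.04.53.210416"),
}

# Assumption: the ranges this site treats as isolated/internal camera networks.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample inventory (hypothetical hosts, columns and addresses).
SAMPLE_INVENTORY = """\
hostname,model,firmware,mgmt_ip
lobby-cam-01,KM-IP521,IPCAM_V4.04.91.230307,10.20.4.15
dock-cam-02,km-ip421,ipcam_v4.04.53.210416,203.0.113.7
yard-cam-03,KM-IP521,IPCAM_V9.99.99.999999,192.168.7.30
gate-cam-04,KM-IP421,,172.16.9.8
door-cam-05,EXAMPLE-CAM,1.0,10.20.4.16
"""

def triage(inventory_csv, internal_nets=INTERNAL_NETS):
    """Return (hostname, status) for every camera of an affected model."""
    affected_models = {m for m, _ in AFFECTED}
    findings = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        model = row["model"].strip().upper()
        firmware = row["firmware"].strip().upper()
        if model not in affected_models:
            continue  # other products are out of scope for this advisory
        if not firmware:
            status = "verify-firmware"  # affected model, version not recorded
        elif (model, firmware) in AFFECTED:
            status = "affected"
        else:
            status = "not-listed"  # same model, firmware not named in the article
        addr = ipaddress.ip_address(row["mgmt_ip"].strip())
        isolated = any(addr in net for net in internal_nets)
        if status != "not-listed" and not isolated:
            status += "+outside-internal-nets"  # highest priority to isolate
        findings.append((row["hostname"], status))
    return findings

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY):
        print(f"{host}: {status}")
```

A "not-listed" result only means the firmware string is not one of the two named here; it does not establish that other firmware builds are unaffected.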

Broader Context of CCTV Vulnerabilities

This incident is part of a broader trend of vulnerabilities discovered in CCTV and surveillance systems. For example, in August 2024, a critical vulnerability in digital video recorders exposed over 400,000 devices to potential cyber-attacks due to insufficient access controls on the devices’ web servers. Similarly, in July 2025, a serious security flaw in LG Innotek’s LNV5110R camera model allowed cybercriminals to gain complete administrative control over affected devices. These instances highlight the ongoing challenges in securing surveillance infrastructure against evolving cyber threats.

Conclusion

As surveillance infrastructure increasingly becomes a target for cyberattacks, the discovery of this vulnerability in KMW CCTV cameras underscores the urgent need for enhanced security controls in IoT-based camera systems. Organizations must proactively address these vulnerabilities to safeguard their operations and maintain the integrity of their surveillance capabilities.