top of page
perceptive_background_267k.jpg

Hangzhou Xiongmai Technology Co., Ltd XM530 IP Camera

Published:

23 April 2026 at 12:00:00

Alert date:

23 April 2026 at 17:04:31

Source:

cisa.gov

Click to open the original link from this advisory

Mobile & IoT, Critical Infrastructure

Critical authentication bypass vulnerability (CVE-2025-65856) in Hangzhou Xiongmai Technology XM530 IP cameras allows unauthenticated remote attackers to access sensitive device information and live video streams. The vulnerability affects firmware V5.00.R02.000807D8.10010.346624.S.ONVIF_21.06 where the ONVIF implementation fails to enforce authentication on 31 critical endpoints. CVSS score of 9.8 (Critical). Vendor has not responded to CISA requests for mitigation. Proof of concept is publicly available. Devices are deployed worldwide in commercial facilities.

Technical details

Mitigation steps:

Affected products:

Hangzhou Xiongmai Technology XM530 IP Camera

Related links:

https://www.cisa.gov/news-events/ics-advisories/icsa-26-113-05
https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-113-05.json
https://www.cve.org/CVERecord?id=CVE-2025-65856
https://www.xiongmaitech.com/en/index.php/about/contact/42
https://cwe.mitre.org/data/definitions/306.html
https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Related CVE's:

Related threat actors:

IOC's:

This article was created with the assistance of AI technology by Perceptive.

About us

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

Disclaimer: Deze website toont informatie afkomstig van externe bronnen. Perceptive aanvaardt geen verantwoordelijkheid voor de inhoud, juistheid of volledigheid van deze informatie.

bottom of page