top of page
perceptive_background_267k.jpg

KMW CCTV Security Cameras

Published:

28 May 2026 at 12:00:00

Alert date:

28 May 2026 at 17:06:19

Source:

cisa.gov

Click to open the original link from this advisory

Mobile & IoT, Critical Infrastructure

Critical vulnerability in KMW CCTV Security Cameras allows unauthenticated remote password reset. CVE-2026-5386 affects KM-IP521 and KM-IP421 models with CVSS score 9.1. Attackers can reset administrator password to known value without authentication, granting full access to camera feeds and settings. KMW has released firmware update to address the vulnerability. Affects multiple critical infrastructure sectors worldwide including commercial facilities, government services, and financial services.

Technical details

Mitigation steps:

Affected products:

KMW KM-IP521 CCTV Camera
KMW KM-IP421 CCTV Camera

Related links:

https://www.cisa.gov/news-events/ics-advisories/icsa-26-148-06
https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-148-06.json
https://www.cve.org/CVERecord?id=CVE-2026-5386
https://main.kmw.ro/pub/Firmware/521_421.zip
https://cwe.mitre.org/data/definitions/620.html
https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Related CVE's:

Related threat actors:

IOC's:

This article was created with the assistance of AI technology by Perceptive.

About us

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

Disclaimer: Deze website toont informatie afkomstig van externe bronnen. Perceptive aanvaardt geen verantwoordelijkheid voor de inhoud, juistheid of volledigheid van deze informatie.

bottom of page