Full Report
Path Traversal vulnerability (CVE-2026-7766) has been found in Kenik cameras software.
Analysis Summary
# Vulnerability: Path Traversal in Kenik Camera Management Panel
## CVE Details
- **CVE ID:** CVE-2026-7766
- **CVSS Score:** Not explicitly listed in the source, but Path Traversal of this nature typically rates as **High** (e.g., 7.5 - 8.6).
- **CWE:** CWE-22 (Improper Limitation of a Pathname to a Restricted Directory - 'Path Traversal')
## Affected Systems
- **Products:** Kenik IP Cameras
- **Versions:** All versions released before 2025-04-21. The advisory specifically identifies the following models:
  - KG-5230TAS-IL-3
  - KG-5230TAS-IL-G3
  - KG-5230DAS-IL-G3
  - KG-5260TZAS-IL-3
  - KG-5260DZAS-IL-3
  - KG-5260TZAS-IL-G3
  - KG-5260DZAS-IL-G3
  - KG-5260xxxx-IL-(G)2
- **Configurations:** Systems running the web-based camera management panel accessible via network.
## Vulnerability Description
The Kenik camera management panel contains a Path Traversal vulnerability (CWE-22). The software fails to properly sanitize user-supplied input in file path parameters. This allows an unauthenticated attacker to manipulate the file path in a GET request and read files outside of the intended web root directory.
## Exploitation
- **Status:** Coordinated disclosure completed; the source mentions no reports of active exploitation in the wild.
- **Complexity:** Low
- **Attack Vector:** Network (Remote)
- **PoC Availability:** Not public, but the mechanism is described (crafted GET requests with arbitrary file paths).
## Impact
- **Confidentiality:** High (Unauthenticated access to sensitive system files and configuration data).
- **Integrity:** Low/None (Read-only access is specified).
- **Availability:** Low/None.
## Remediation
### Patches
The vendor has released firmware updates to address this flaw. Users should upgrade to the following versions or later:
- **Model KG-5260xxxx-IL-(G)2:** Update to version **2026-04-23**.
- **Other affected models:** Update to version **2025-04-21**.
### Workarounds
- Prohibit exposure of the camera management panel to the public internet.
- Implement VPN or IP-based Access Control Lists (ACLs) to restrict access to the management interface to authorized personnel only.
## Detection
- Monitor web server logs for GET requests containing directory traversal sequences (e.g., `../`, `..%2f`, or absolute paths to sensitive system files like `/etc/passwd`).
- Security scanners can be used to identify whether the management interface responds to unauthorized file requests.
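As an added example (not part of the CERT Polska advisory or of Kenik's software), the following Python script applies the log-monitoring guidance above to constructed access-log lines: it URL-decodes each request target repeatedly so double-encoded sequences are caught, flags `..` only when it is a whole path segment (so a file name such as `app..js` is not a false positive), and resolves the path to see whether it lands on a known sensitive file. The log format, the sensitive-file list and the client IPs are assumptions.

```python
import re
from posixpath import normpath
from urllib.parse import unquote

# Constructed sample access-log lines (Common Log Format); not taken from the advisory.
SAMPLE_LOG = """\
192.0.2.10 - - [01/May/2026:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 512
192.0.2.11 - - [01/May/2026:10:00:02 +0000] "GET /../../etc/passwd HTTP/1.1" 200 1024
192.0.2.12 - - [01/May/2026:10:00:03 +0000] "GET /img/..%2f..%2fetc%2fpasswd HTTP/1.1" 200 1024
192.0.2.13 - - [01/May/2026:10:00:04 +0000] "GET /view?file=%252e%252e%252fetc%252fshadow HTTP/1.1" 403 0
192.0.2.14 - - [01/May/2026:10:00:05 +0000] "GET /static/app..js HTTP/1.1" 200 33
"""

LOG_RE = re.compile(r'^(?P<ip>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')
SENSITIVE_FILES = ("/etc/passwd", "/etc/shadow")  # assumed list; extend with vendor config paths

def fully_decode(value, rounds=3):
    """URL-decode repeatedly so double-encoded sequences (e.g. %252e) are caught."""
    for _ in range(rounds):
        value, prev = unquote(value), value
        if value == prev:
            break
    return value

def traversal_reasons(target):
    """Return the reasons a request target looks like path traversal (empty list if clean)."""
    raw_path, _, raw_query = target.partition("?")
    # Inspect the path and every query-string value, each decoded separately.
    candidates = [fully_decode(raw_path)]
    candidates += [fully_decode(p.partition("=")[2]) for p in raw_query.split("&") if "=" in p]
    reasons = []
    for cand in candidates:
        # Only a whole ".." segment counts; "app..js" is a legitimate file name.
        if ".." in re.split(r"[\\/]", cand):
            reasons.append(f"dot-dot segment in {cand!r}")
        # Resolve where the path would end up after traversal and compare with known targets.
        resolved = normpath("/" + cand.lstrip("/"))
        if any(resolved.endswith(f) for f in SENSITIVE_FILES):
            reasons.append(f"resolves to sensitive file {resolved}")
    return reasons

def scan_log(text):
    """Return (client_ip, status, target, reasons) for each suspicious request line."""
    hits = []
    for m in filter(None, map(LOG_RE.match, text.splitlines())):
        reasons = traversal_reasons(m["target"])
        if reasons:
            hits.append((m["ip"], int(m["status"]), m["target"], reasons))
    return hits
```

A hit with a 200 status (rather than 403) is the one that warrants incident handling, since it indicates the file was actually served.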
## References
- CERT Polska Advisory: hxxps[://]cert[.]pl/en/posts/2026/05/vulnerability-in-kenik-cameras-software/
- CVE Record: hxxps[://]www[.]cve[.]org/CVERecord?id=CVE-2026-7766
- CVD Policy: hxxps[://]cert[.]pl/en/cvd/