IronMonkey Threat Research

KMW CCTV Security Cameras

CRITICAL
CVSS 9.1
Date 2026-05-28T06:00:00+00:00
Source cisa-csaf
Published by CISA

// Description

Successful exploitation of this vulnerability may grant full unauthorized access to camera feeds and settings.

// Vulnerabilities (1)

CVE ID CVE-2026-5386
CVSS Score 9.1
Severity critical
Description The affected product is vulnerable to a critical unauthenticated password reset. This flaw allows an attacker to remotely reset the administrator password to a known value without authentication, granting full access to the camera feeds and settings.

// Remediations (4)

Mitigation: If there are any issues, customers are encouraged to contact KMW directly.
Mitigation: KMW has issued a firmware update to address this vulnerability. The firmware update can be found at https://main.kmw.ro/pub/Firmware/521_421.zip.
Mitigation: KMW recommends connecting surveillance equipment on a separate network, allowing only specific devices access to the internet, checking for firmware updates regularly, and using cloud connections responsibly.
Patch: KM-IP421 will lose the cloud authorization after this update, so users will need to contact customer support to re-authorize the P2P connection.

// References