CVE-2026-5386

Summary

The affected KMW CCTV Security Cameras are vulnerable to a critical unauthenticated password reset. This flaw allows an attacker to remotely reset the administrator password to a known value without authentication, granting full access to the camera feeds and settings.

Affected Software

VendorProductVersion RangeStatus
KMWKM-IP5214.04.91.230307affected
KMWKM-IP4214.04.53.210416affected

Weaknesses

  • CWE-620: CWE-620 Unverified Password Change

Workarounds

KMW recommends connecting surveillance equipment on a separate network, allow only specific devices access to the internet, check for firmware updates regularly, and use cloud connections responsibly.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References