CVE-2026-5386
Unauthenticated Password Reset in KMW CCTV Security Cameras
Publication date: 2026-05-29
Last updated on: 2026-05-29
Assigner: ICS-CERT
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| kmw | cctv_security_cameras | * |
| kmw | km_ip521 | * |
| kmw | km_ip421 | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-620 | When setting a new password for a user, the product does not require knowledge of the original password, or using another form of authentication. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-5386 is a critical vulnerability in KMW CCTV Security Cameras that allows an attacker to remotely reset the administrator password to a known value without any authentication.
This flaw grants the attacker full unauthorized access to the camera feeds and settings, effectively compromising the security and control of the affected devices.
The vulnerability affects specific KMW products and can be exploited over the network without requiring user interaction or privileges.
How can this vulnerability impact me? :
Successful exploitation of this vulnerability can lead to full unauthorized access to the affected CCTV cameras, allowing attackers to view live camera feeds and modify camera settings.
This can compromise physical security monitoring, potentially exposing sensitive areas to surveillance bypass or manipulation.
The vulnerability could impact critical infrastructure sectors such as commercial facilities, government services, financial services, and transportation systems, potentially causing widespread security risks.
Additionally, attackers could use this access to gather intelligence or disrupt security operations.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of this vulnerability involves identifying if KMW CCTV Security Cameras are present on your network and checking if they are running vulnerable firmware versions.
Since the vulnerability allows unauthenticated remote password reset, monitoring for unusual password reset attempts or unauthorized access to camera feeds could indicate exploitation.
Network scanning tools can be used to detect KMW CCTV devices by identifying their IP addresses and open ports typically used by these cameras.
Specific commands or tools are not provided in the available resources, but general approaches include:
- Using nmap to scan for devices with open ports commonly used by KMW cameras (e.g., HTTP/HTTPS ports).
- Checking device firmware versions via the camera's web interface or management software to verify if they are outdated or vulnerable.
- Monitoring network traffic for unauthorized password reset requests or suspicious activity targeting camera management interfaces.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include applying the firmware update issued by KMW that addresses this vulnerability.
For the KM-IP421 model, applying the update may require re-authorization of the P2P connection through customer support.
Additional recommended mitigations are:
- Isolate surveillance equipment on a separate network to reduce exposure.
- Restrict internet access to the affected devices.
- Regularly check for and apply firmware updates.
- Use secure remote access methods such as VPNs.
- Follow CISA's guidance on cybersecurity best practices for industrial control systems.
If issues arise during mitigation, customers are advised to contact KMW directly for support.