CVE-2026-5386

CRITICAL

The affected KMW CCTV Security Cameras are vulnerable to a critical unauthenticated password reset. This flaw allows an attacker to remotely reset the administrator password to a known value without authentication, granting full access to the camera feeds and settings.

CVSS v3.1 Score

9.1
CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Attack Vector
NETWORK
Complexity
LOW
Privileges
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
NONE
Published: 5/29/2026Modified: 6/1/2026

Related Intelligence (1)

CRITICALPhishing

KMW CCTV Security Cameras

<p><a href="https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-148-06.json"><strong>View CSAF</strong></a></p> <h2>Summary</h2> <p><strong>Successful exploitation of this vulnerability may grant full unauthorized access to camera feeds and settings.</strong></p> <p>The following versions of KMW CCTV Security Cameras are affected:</p> <ul> <li>KM-IP521 IPCAM_V4.04.91.2303

CVE-2026-5386
CISA Advisories

References (3)

https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-148-06.jsonhttps://main.kmw.ro/pub/Firmware/521_421.ziphttps://www.cisa.gov/news-events/ics-advisories/icsa-26-148-06