Executive Summary
In May 2026, a critical vulnerability (CVE-2026-5386) was identified in KMW CCTV Security Cameras, specifically models KM-IP521 and KM-IP421. This flaw allows unauthenticated attackers to remotely reset the administrator password to a known value, granting full access to camera feeds and settings. The vulnerability poses significant risks to critical infrastructure sectors, including commercial facilities, government services, and financial services. KMW has released firmware updates to address this issue and recommends users apply these updates promptly. (windowsforum.com)
This incident underscores the growing security challenges associated with IoT devices in critical infrastructure. The ease of exploitation and potential impact highlight the necessity for robust security measures, including regular firmware updates and network segmentation, to protect against unauthorized access and potential breaches.
Why This Matters Now
The KMW CCTV vulnerability exemplifies the increasing threats targeting IoT devices within critical infrastructure. Immediate action is required to mitigate potential unauthorized access and safeguard sensitive information.
Attack Path Analysis
An attacker exploited a critical unauthenticated password reset vulnerability in KMW CCTV Security Cameras, allowing them to reset the administrator password and gain full access to camera feeds and settings. With administrative access, the attacker could escalate privileges to manipulate device configurations. The attacker then moved laterally to other networked devices by exploiting the compromised camera as an entry point. They established command and control by configuring the camera to communicate with an external server. Sensitive data was exfiltrated through the compromised camera's network connection. Finally, the attacker disrupted surveillance operations by disabling camera functionality.
Kill Chain Progression
Initial Compromise
Description
Exploited unauthenticated password reset vulnerability in KMW CCTV Security Cameras to gain administrative access.
Related CVEs
CVE-2026-5386
CVSS 9.1
An unauthenticated password reset vulnerability in KMW CCTV Security Cameras allows remote attackers to reset the administrator password to a known value, granting full access to camera feeds and settings.
Affected Products:
KMW KM-IP521 – IPCAM_V4.04.91.230307
KMW KM-IP421 – IPCAM_V4.04.53.210416
Exploit Status:
No public exploit
MITRE ATT&CK® Techniques
Valid Accounts
Brute Force
Modify Authentication Process
Application Layer Protocol
Remote Services
Potential Compliance Exposure
Mapping incident impact across multiple compliance frameworks.
NIST SP 800-53 – Account Management
Control ID: AC-2
PCI DSS 4.0 – Secure Authentication
Control ID: 8.2.3
NYDFS 23 NYCRR 500 – Cybersecurity Policy
Control ID: 500.03
DORA – ICT Risk Management Framework
Control ID: Article 5
CISA ZTMM 2.0 – Identity and Access Management
Control ID: 3.1
NIS2 Directive – Cybersecurity Risk Management Measures
Control ID: Article 21
Sector Implications
Industry-specific impact of the vulnerabilities, including operational, regulatory, and cloud security risks.
Security/Investigations
Critical IoT vulnerability in KMW CCTV cameras enables unauthenticated password reset, compromising surveillance infrastructure and requiring immediate segmentation controls.
Government Administration
Government facilities using affected KMW cameras face unauthorized access risks to sensitive areas, violating zero trust principles and compliance frameworks.
Financial Services
Banking institutions with KMW surveillance systems risk regulatory violations and physical security breaches through compromised camera access and monitoring capabilities.
Commercial Real Estate
Property management companies using KMW cameras face tenant privacy violations and security system compromise requiring immediate network isolation and firmware updates.
Sources
- KMW CCTV Security Cameras: https://www.cisa.gov/news-events/ics-advisories/icsa-26-148-06
- KMW CCTV Security Cameras Vulnerability Analysis: https://www.socdefenders.ai/item/289b9c1e-08f6-4e96-a578-e704a8ef3994
- CISA ICSA-26-148-06: KMW CCTV Critical Password Reset Flaw: https://windowsforum.com/threads/cisa-icsa-26-148-06-kmw-cctv-critical-password-reset-flaw.420548/
Cloud Native Security Fabric (CNSF) Mitigations and Controls
Aviatrix Zero Trust CNSF is pertinent to this incident as it could have limited the attacker's ability to move laterally and exfiltrate data by enforcing strict segmentation and controlled egress policies.
Control: Cloud Native Security Fabric (CNSF)
Mitigation: The attacker's initial access to the CCTV cameras would likely remain unaffected, as CNSF primarily focuses on post-compromise containment and segmentation.
Control: Zero Trust Segmentation
Mitigation: The attacker's ability to escalate privileges could be constrained by enforcing strict identity-based access controls, reducing unauthorized configuration changes.
Control: East-West Traffic Security
Mitigation: The attacker's lateral movement would likely be restricted, reducing the risk of compromising additional devices within the network.
Control: Multicloud Visibility & Control
Mitigation: The attacker's ability to establish command and control channels could be detected and disrupted, limiting external communications.
Control: Egress Security & Policy Enforcement
Mitigation: The attacker's data exfiltration efforts would likely be hindered, reducing the risk of sensitive data loss.
Mitigation: The attacker's ability to disable camera functionality could be limited, reducing the impact on surveillance operations.
Impact at a Glance
Affected Business Functions
- Surveillance Monitoring
- Physical Security Management
- Incident Response
Estimated downtime: 3 days
Estimated loss: $50,000
Unauthorized access to live and recorded surveillance footage, potential exposure of sensitive areas and activities.
Recommended Actions
Key Takeaways & Next Steps
- Implement Zero Trust Segmentation to restrict device-to-device communication and limit lateral movement.
- Enforce East-West Traffic Security to monitor and control internal network traffic, preventing unauthorized access.
- Deploy Egress Security & Policy Enforcement to control outbound traffic and prevent data exfiltration.
- Utilize Threat Detection & Anomaly Response to identify and respond to unusual device behavior promptly.
- Regularly update device firmware and apply security patches to mitigate known vulnerabilities.