Hangzhou Xiongmai Technology Co., Ltd XM530 IP Camera

Plan PatchCVSS 9.8ICS-CERT ICSA-26-113-05Apr 23, 2026

Attack path

Attack VectorNetwork

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

The Hangzhou Xiongmai Technology Co., Ltd XM530 IP Camera contains an authentication bypass vulnerability (CWE-306) that allows remote access to sensitive information on the device. An attacker can bypass authentication mechanisms and gain access to camera functionality and video streams. The vendor has not responded to CISA requests to develop a patch.

What this means

What could happen

An attacker could bypass authentication and gain remote access to the IP camera, allowing them to view live feeds, access stored video, and potentially intercept sensitive surveillance data from your facility.

Who's at risk

This vulnerability affects IP surveillance installations in water utilities, electric utilities, municipalities, and facilities using Xiongmai XM530 cameras for perimeter monitoring, facility access control, or operational oversight. Any organization relying on these cameras for security should prioritize immediate action.

How it could be exploited

An attacker on your network or the internet can send a specially crafted request to the camera that bypasses the authentication mechanism. Once authenticated, they can access camera functions and video streams without valid credentials.

Prerequisites

Network access to the camera on the network port (typically port 80 or 443)
Camera must be reachable from the attacker's location (internet-facing or on compromised internal network)
No valid credentials required

remotely exploitableno authentication requiredlow complexityhigh CVSS score (9.8)no patch availablevendor unresponsive

Exploitability

Unlikely to be exploited — EPSS score 0.6%

Affected products (1)

ProductAffected VersionsFix Status

IP Camera XM530V200_X6-WEQ_8M firmware: V5.00.R02.000807D8.10010.346624.S.ONVIF_21.06V5.00.R02.000807D8.10010.346624.S.ONVIF 21.06No fix yet

Remediation & Mitigation

0/5

Do now

0/2

WORKAROUNDDisconnect or isolate XM530 cameras from networks accessible from the internet or untrusted segments immediately

WORKAROUNDIf cameras must remain in use, restrict network access to the camera to authorized management workstations only using firewall rules

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HOTFIXContact Xiongmai Technology customer support to inquire about firmware updates or replacement options

Long-term hardening

0/2

HARDENINGSegment IP cameras onto a dedicated, isolated network separate from critical operational and business systems

HARDENINGReplace cameras with models from vendors who provide active security patches and support

CVEs (1)

CVE-2025-65856

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/bc508e54-0f99-468a-b09b-7c9b6331bf45

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.