KMW CCTV Security Cameras

Plan PatchCVSS 9.1ICS-CERT ICSA-26-148-06May 28, 2026

Attack path

Attack VectorNetwork

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

KMW IP cameras KM-IP521 and KM-IP421 contain an authentication bypass vulnerability that allows unauthenticated attackers to access camera feeds and modify camera settings. Successful exploitation grants full unauthorized access to video streams and device configuration without requiring credentials.

What this means

What could happen

An attacker with network access to these cameras could view live camera feeds, change settings, or manipulate recording without authentication. This could blind security systems and allow unauthorized activity on your property or facility.

Who's at risk

Organizations using KMW IP cameras (KM-IP521 and KM-IP421 models) for physical security surveillance should take action immediately. This includes municipal utilities, water authorities, manufacturing facilities, and any site with surveillance systems exposed to untrusted networks.

How it could be exploited

An attacker on the network (or with internet access if cloud features are exposed) can send unauthenticated requests to the camera web interface to read camera feeds and modify configuration settings. No credentials or special configuration are required.

Prerequisites

Network access to the camera's IP address and web interface port (typically 80/443)
Camera must be reachable from the attacker's network (either local network or internet if not firewalled)

remotely exploitableno authentication requiredlow complexityhigh CVSS score (9.1)affects safety/security systems

Exploitability

Unlikely to be exploited — EPSS score 0.1%

Affected products (2)

1 with fix1 pending

ProductAffected VersionsFix Status

KM-IP521: IPCAM_V4.04.91.230307IPCAM V4.04.91.230307No fix yet

KM-IP421: IPCAM_V4.04.53.210416IPCAM V4.04.53.210416Fix available

Remediation & Mitigation

0/6

Do now

0/2

WORKAROUNDConfigure firewall rules to allow only specific authorized devices to communicate with the cameras

WORKAROUNDDisable internet-facing cloud/P2P connection features unless absolutely required for remote monitoring

Schedule — requires maintenance window

0/2

Patching may require device reboot — plan for process interruption

HOTFIXUpdate KM-IP421 firmware to the latest version from https://main.kmw.ro/pub/Firmware/521_421.zip and re-authorize cloud P2P connection with KMW support

HOTFIXUpdate KM-IP521 firmware to the latest version from https://main.kmw.ro/pub/Firmware/521_421.zip

Long-term hardening

0/2

HARDENINGPlace all surveillance cameras on a separate network isolated from operational systems and guest networks

HARDENINGEstablish a routine firmware update schedule and check for camera updates monthly

CVEs (1)

CVE-2026-5386

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/8e8956b6-d7be-43d9-8a47-e1c47b808c2c

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.