CVE-2026-5386
Published 2026-05-29
Priority P263 · critical · 9.1 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
EPSS: 0.62% (45.4th percentile)
The affected KMW CCTV Security Cameras are vulnerable to a critical unauthenticated password reset. This flaw allows an attacker to remotely reset the administrator password to a known value without authentication, granting full access to the camera feeds and settings.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| kmw | km-ip421 | — | — |
| kmw | km-ip521 | — | — |
GHSA
GHSA-ff7m-h5f6-v93r: The affected KMW CCTV Security Cameras are vulnerable to a critical unauthenticated password reset
ghsa_unreviewed·2026-05-29
CVE-2026-5386 [CRITICAL] CWE-620 GHSA-ff7m-h5f6-v93r: The affected KMW CCTV Security Cameras are vulnerable to a critical unauthenticated password reset
The affected KMW CCTV Security Cameras are vulnerable to a critical unauthenticated password reset. This flaw allows an attacker to remotely reset the administrator password to a known value without authentication, granting full access to the camera feeds and settings.
VulDB
KMW KM-IP521/KM-IP421 4.04.91.230307 Setting unverified password change
vuldb·2026-05-29·CVSS 9.1
CVE-2026-5386 [CRITICAL] KMW KM-IP521/KM-IP421 4.04.91.230307 Setting unverified password change
A vulnerability was found in KMW KM-IP521 and KM-IP421 4.04.91.230307. It has been rated as critical. This affects an unknown part of the component Setting Handler. The manipulation leads to unverified password change.
This vulnerability is referenced as CVE-2026-5386. Remote exploitation of the attack is possible. No exploit is available.
No detection rules found.
No public exploits indexed.