Home

Description

The affected KMW CCTV Security Cameras are vulnerable to a critical unauthenticated password reset. This flaw allows an attacker to remotely reset the administrator password to a known value without authentication, granting full access to the camera feeds and settings.

PUBLISHED Reserved 2026-04-01 | Published 2026-05-29 | Updated 2026-05-29 | Assigner icscert




CRITICAL: 9.1CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Problem types

CWE-620 Unverified Password Change

Product status

Default status
unaffected

4.04.91.230307
affected

Default status
unaffected

4.04.53.210416
affected

Credits

Souvik Kandar reported this vulnerability to CISA. finder

References

main.kmw.ro/pub/Firmware/521_421.zip

www.cisa.gov/news-events/ics-advisories/icsa-26-148-06

github.com/...p/csaf_files/OT/white/2026/icsa-26-148-06.json

cve.org (CVE-2026-5386)

nvd.nist.gov (CVE-2026-5386)

Download JSON