PatchSiren cyber security CVE debrief

CVE-2026-5386 KMW CVE debrief

A critical unauthenticated password reset vulnerability in KMW CCTV Security Cameras allows remote attackers to reset the administrator password without authentication, granting full access to camera feeds and settings. The vulnerability carries a CVSS 3.1 score of 9.1 (Critical) with network attack vector, low attack complexity, no privileges required, and no user interaction needed. The weakness is categorized as CWE-620: Unverified Password Change. CISA published advisory ICSA-26-148-06 on May 29, 2026, and the vendor has released firmware updates to address this issue.

Vendor: KMW
Product: KM-IP521
CVSS: CRITICAL 9.1
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-05-29
Original CVE updated: 2026-05-29
Advisory published: 2026-05-29
Advisory updated: 2026-05-29

Who should care

Organizations deploying KMW CCTV Security Cameras in physical security, critical infrastructure, or sensitive environments should prioritize patching. Security teams responsible for OT/ICS networks, facility management, and surveillance systems must assess exposure and apply mitigations immediately.

Technical summary

The vulnerability exists in KMW CCTV Security Cameras and allows unauthenticated remote attackers to reset the administrator password to a known value. Successful exploitation grants complete administrative control over the device, including access to live camera feeds, recorded footage, and all configuration settings. The attack requires no authentication credentials and can be executed remotely over the network. The underlying weakness is CWE-620 (Unverified Password Change), indicating the password reset functionality fails to verify the identity of the requester before allowing password modification.
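As an added illustration of the CWE-620 pattern the summary describes (a constructed example, not KMW's firmware or its API; every function, field and password here is hypothetical), a password-reset handler in its vulnerable shape beside a hardened form that verifies the requester before changing the credential:

```python
# Constructed illustration of CWE-620 (Unverified Password Change).
# Hypothetical in-memory "device" state; not the KMW camera firmware.
import hashlib
import hmac
import os
import secrets


def _hash(password: str, salt: bytes) -> bytes:
    # Salted PBKDF2 so stored credentials are not recoverable from a dump.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def make_device(admin_password: str) -> dict:
    salt = os.urandom(16)
    return {"salt": salt, "admin_hash": _hash(admin_password, salt), "sessions": {}}


def login(device: dict, password: str):
    """Return a session token on a correct admin password, else None."""
    if hmac.compare_digest(_hash(password, device["salt"]), device["admin_hash"]):
        token = secrets.token_hex(16)
        device["sessions"][token] = "admin"
        return token
    return None


def reset_password_vulnerable(device: dict, new_password: str) -> bool:
    """CWE-620 shape: nothing ties the request to an authenticated caller,
    so any peer that can reach this handler can set the admin password."""
    device["salt"] = os.urandom(16)
    device["admin_hash"] = _hash(new_password, device["salt"])
    device["sessions"].clear()
    return True


def reset_password_hardened(device: dict, session_token, current_password: str,
                            new_password: str) -> bool:
    """Require a valid admin session AND re-proof of the current password
    before changing it, then invalidate every existing session."""
    if device["sessions"].get(session_token) != "admin":
        return False  # unauthenticated or non-admin caller
    if not hmac.compare_digest(_hash(current_password, device["salt"]), device["admin_hash"]):
        return False  # requester cannot prove knowledge of the current credential
    if len(new_password) < 12:
        return False  # reject trivially weak replacements (policy is hypothetical)
    device["salt"] = os.urandom(16)
    device["admin_hash"] = _hash(new_password, device["salt"])
    device["sessions"].clear()
    return True
```

The vulnerable handler is what a log of "password reset succeeded with no preceding login" would look like from the device's side, which is why the monitoring item below pairs reset events with session context.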

Defensive priority

critical

Recommended defensive actions

  • Immediately apply firmware updates from the vendor to affected KMW CCTV Security Camera models
  • Restrict network access to camera management interfaces using firewall rules or network segmentation
  • Monitor for unauthorized password reset attempts or configuration changes in camera logs
  • Verify administrator account integrity and reset credentials if compromise is suspected
  • Review camera access logs for unauthorized administrative access since May 29, 2026

Evidence notes

Vulnerability disclosed via CISA ICS advisory ICSA-26-148-06. CVSS vector confirms network-exploitable, unauthenticated attack with high impact on confidentiality and integrity. Firmware update available from vendor.

Official resources

CISA ICS advisory ICSA-26-148-06 (published 2026-05-29)