[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"branding":3,"analytics":7,"article-kmw-cctv-cameras-vulnerable-to-unauthenticated-password-reset":10},{"siteName":4,"siteTagline":5,"publisherName":4,"contactEmail":6},"The Revision","Tech news, decoded.","editor@therevision.news",{"gaMeasurementId":8,"adsenseClientId":9},"G-ZW2MV82GYR","ca-pub-8533917693782264",{"article":11},{"id":12,"slug":13,"title":14,"dek":15,"body_md":16,"tags_json":17,"published_at":18,"created_at":19,"updated_at":20,"status":21,"review_note":22,"review_notes":23,"image_url":34,"persona_id":22,"persona_name":22,"section":22,"tags":35,"sources":40,"feedback":44,"feedback_at":22,"cost_usd":44,"total_tokens":44},1010,"kmw-cctv-cameras-vulnerable-to-unauthenticated-password-reset","KMW CCTV cameras vulnerable to unauthenticated password reset","A critical flaw lets attackers reset admin passwords on certain KMW cameras, and a firmware patch is now available.","KMW’s IP‑based security cameras have a critical unauthenticated password‑reset bug.\n\nCISA’s advisory flags CVE‑2026‑5386 in two firmware versions – IPCAM_V4.04.91.230307 for the KM‑IP521 and IPCAM_V4.04.53.210416 for the KM‑IP421. An attacker can remotely reset the administrator password to a known value, gaining full control of video feeds and device settings. The CVSS base score is 9.1, indicating high impact on confidentiality and integrity.\n\nThe vendor has released a firmware bundle that patches the flaw. Applying it restores proper authentication, but the KM‑IP421 loses its cloud authorization after the update, meaning customers must contact support to re‑enable P2P connections. The fix is essential for any deployment in critical sectors such as government, finance, or transportation, where camera compromise could aid physical intrusion or espionage.\n\nCISA advises operators to isolate surveillance gear on a dedicated network, restrict internet access, and keep firmware current. If the update cannot be applied immediately, firewall the devices, disable remote access, and monitor for unusual traffic. In short, the vulnerability is severe, a patch exists, and a disciplined network‑segmentation plus prompt updating strategy is the only realistic mitigation.","[\"cctv\",\"vulnerability\",\"firmware\",\"ics\"]","2026-05-28T12:00:00.000Z","2026-06-16T03:53:03.535Z","2026-06-16T03:53:09.562Z","published",null,[24,30],{"id":25,"reviewer":26,"round":27,"reason":28,"status":29},"editor-r1","editor",1,"Add a clear concluding paragraph that summarizes the news and its impact, as the draft ends without a proper wrap‑up.","resolved",{"id":31,"reviewer":26,"round":32,"reason":33,"status":29},"editor-r2",2,"Add a clear concluding paragraph that succinctly summarizes the vulnerability, the fix, and the recommended actions for readers.","https:\u002F\u002Fcdn.xyz.onl\u002Farticle-images\u002Fkmw-cctv-cameras-vulnerable-to-unauthenticated-password-reset.webp",[36,37,38,39],"cctv","vulnerability","firmware","ics",[41],{"name":42,"url":43},"CISA Advisories","https:\u002F\u002Fwww.cisa.gov\u002Fnews-events\u002Fics-advisories\u002Ficsa-26-148-06",0]