Skip to main content

Km Ip421

1 CVEs product

Monthly

CVE-2026-5386 CRITICAL CISA Emergency

Unauthenticated administrator password reset in KMW KM-IP521 and KM-IP421 CCTV cameras allows remote network-based attackers to reset the admin credential to a known value and obtain full control of the device, including live video feeds and configuration. The flaw is classified under CWE-620 (Unverified Password Change) and was disclosed via CISA's ICS-CERT coordination channel with a CVSS 9.1 rating. No public exploit identified at time of analysis and the issue is not listed in CISA KEV, but the trivial attack complexity and lack of authentication make it high-priority for any internet- or LAN-exposed deployments.

Information Disclosure Km Ip521 Km Ip421
NVD GitHub VulDB
CVSS 3.1
9.1
EPSS
0.1%
EPSS 0% CVSS 9.1
CRITICAL Emergency

Unauthenticated administrator password reset in KMW KM-IP521 and KM-IP421 CCTV cameras allows remote network-based attackers to reset the admin credential to a known value and obtain full control of the device, including live video feeds and configuration. The flaw is classified under CWE-620 (Unverified Password Change) and was disclosed via CISA's ICS-CERT coordination channel with a CVSS 9.1 rating. No public exploit identified at time of analysis and the issue is not listed in CISA KEV, but the trivial attack complexity and lack of authentication make it high-priority for any internet- or LAN-exposed deployments.

Information Disclosure Km Ip521 Km Ip421
NVD GitHub VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy