Xm530V200 X6 Weq 8M Firmware
Monthly
GetStreamUri ONVIF endpoint in Xiongmai XM530 IP cameras exposes RTSP video streams with hardcoded credentials, allowing remote unauthenticated attackers to view live camera feeds without authentication. Affects firmware version V5.00.R02.000807D8.10010.346624.S.ONVIF 21.06. Publicly available exploit code exists demonstrating credential extraction and direct stream access. EPSS data not available, but the combination of network-accessible attack vector (AV:N), no authentication requirement (PR:N), and public POC creates immediate risk for exposed internet-facing cameras.
GetStreamUri ONVIF endpoint in Xiongmai XM530 IP cameras exposes RTSP video streams with hardcoded credentials, allowing remote unauthenticated attackers to view live camera feeds without authentication. Affects firmware version V5.00.R02.000807D8.10010.346624.S.ONVIF 21.06. Publicly available exploit code exists demonstrating credential extraction and direct stream access. EPSS data not available, but the combination of network-accessible attack vector (AV:N), no authentication requirement (PR:N), and public POC creates immediate risk for exposed internet-facing cameras.