External risk intelligence

KMW CCTV Security Cameras Unauthenticated Password Reset Vulnerability.

CVE advisory

Severity: CRITICAL (CVSS 9.1)

CVE-2026-5386

KMW CCTV Security Cameras have a critical vulnerability allowing unauthenticated remote password resets. This could grant attackers full access to camera feeds and settings, compromising monitored areas. Confirm device exposure and relevance to assess risk.

Halo Surface Signal: 5

External exposure likelihood

Halo Surface Signal score for CVE-2026-5386

The vulnerability affects CCTV security cameras, which are commonly deployed as public-facing internet-accessible devices. The nature of the flaw, an unauthenticated password reset, combined with the typical deployment of such cameras for remote monitoring, makes them highly likely to be exposed directly to the public internet.

PCI scan relevance

PCI Relevance for CVE-2026-5386

Yes

CVE-2026-5386 — Halo PCI Relevance: Yes. Under typical PCI ASV external scan criteria, this issue may be flagged for scan prioritization.

This critical vulnerability allows unauthenticated remote password reset, granting full access to camera feeds and settings, which would likely cause a PCI ASV scan to fail.

Scan-prioritization guidance only—not a PCI DSS certification or ASV attestation.

Horizon Alert

Summary of the vulnerability and why it matters

A critical vulnerability has been identified in KMW CCTV Security Cameras that could allow unauthenticated remote attackers to reset administrator passwords, potentially leading to unauthorized access to camera feeds and settings. This issue is notable due to the possibility of widespread, unauthenticated remote compromise.

  • Unauthenticated password reset on security cameras.
  • Could allow unauthorized access to video feeds.
  • Confirm relevance and exposure for affected devices.

Attack Path

How an attacker could exploit the issue

An attacker can exploit this vulnerability by accessing the affected CCTV cameras over the network. Since no authentication is required, they can remotely reset the administrator password to a known value. This grants them complete control over the camera's settings and the ability to view its live feed.

  • Network access is required.
  • An unauthenticated password reset request triggers the vulnerability.
  • Full camera access and control gained.

Live Threat

Current exploitation, exposure, and threat context

This vulnerability could affect KMW CCTV Security Cameras by allowing an unauthenticated attacker to remotely reset the administrator password. This could grant attackers full access to the camera feeds and settings, potentially compromising the security and privacy of monitored areas.

  • Camera feeds and settings at risk.
  • Attacker resets password remotely.
  • Unauthorized access to live footage.

Operational Fix

Recommended remediation, mitigation, and detection steps

Technical leaders and security teams must first identify all instances of the affected KMW CCTV Security Cameras, confirm their network reachability and business criticality, and identify the accountable system owners before planning remediation. This process ensures that responses are prioritized based on actual risk and impact, coordinating efforts across relevant teams.

  • Ownership: System owners and security teams.
  • Verify first: Network exposure and asset criticality.
  • Action: Plan targeted remediation and monitoring.

Frequently asked questions

What are KMW CCTV Security Cameras used for?

KMW CCTV Security Cameras are hardware devices used for remote video surveillance and monitoring. They are commonly deployed in various settings to provide visual oversight of physical locations, allowing authorized users to view live feeds and manage camera configurations through a network connection.

What is the nature of the vulnerability in CVE-2026-5386?

This vulnerability is classified as CWE-620, which involves an incorrect or missing password change validation. In this specific case, it manifests as a flaw that allows an attacker to bypass authentication entirely. By interacting with the camera, an unauthorized user can force a password reset, effectively granting them full administrative control without needing to know the current credentials.

How can an attacker trigger this password reset?

An attacker can trigger this issue by sending specific, unauthenticated network requests to the device. The vulnerability does not require any prior access to the camera's management interface or existing user accounts. Simply having network reachability to the camera's control service is sufficient; normal, authenticated interactions with the device's standard menus are not required to initiate the reset.

Is my device at risk based on Halo Surface Signal?

According to Halo Surface Signal, there is a very high likelihood of risk if your cameras are connected to the internet. Because these devices are frequently placed on public-facing networks to facilitate remote monitoring, they are often directly discoverable. If your KMW cameras are accessible from the open internet, they are significantly more vulnerable to this remote exploit compared to those isolated on internal, private networks.

What should I do first to manage this security issue?

Begin by auditing your network to identify all deployed KMW CCTV units. Verify which devices have public network exposure, as these require the most immediate attention. Do not perform any updates or configuration changes until you have identified the accountable system owners and assessed the business impact of each device, ensuring that your response strategy is coordinated and prioritized.
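The triage order described in the Operational Fix section and in the answer above, sketched as an added example (not code from the advisory or from the vendor). The inventory columns, host names and the `nat_forward` field are hypothetical; addresses outside the internal ranges, and internal addresses published through a NAT forward, are treated as exposed.

```python
import csv
import io
import ipaddress

# RFC 1918, loopback and link-local ranges count as internal addressing.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16")]
CRIT_RANK = {"high": 0, "medium": 1, "low": 2}

# Constructed inventory; documentation ranges stand in for public addresses.
SAMPLE_INVENTORY = """\
host,vendor,ip,nat_forward,owner,criticality
cam-lobby,KMW,203.0.113.10,no,facilities,medium
cam-dock,KMW,10.20.0.15,yes,,high
cam-vault,KMW,192.168.5.20,no,security,high
cam-lab,KMW,198.51.100.44,no,,low
cam-roof,OtherVendor,198.51.100.7,no,facilities,high
"""


def is_exposed(row):
    """Public address, or internal address published through a NAT forward."""
    addr = ipaddress.ip_address(row["ip"].strip())
    internal = any(addr in net for net in INTERNAL_NETS)
    return (not internal) or row["nat_forward"].strip().lower() == "yes"


def triage(inventory_csv, vendor="KMW"):
    """Return affected cameras ordered: exposed first, then by criticality."""
    findings = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        if row["vendor"].strip().lower() != vendor.lower():
            continue
        findings.append({
            "host": row["host"],
            "exposed": is_exposed(row),
            "criticality": row["criticality"].strip().lower(),
            # No accountable owner means no change may be planned yet.
            "blocked_on_owner": not row["owner"].strip(),
        })
    findings.sort(key=lambda f: (not f["exposed"],
                                 CRIT_RANK.get(f["criticality"], 3), f["host"]))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_INVENTORY):
        print(finding)
```

Address-based classification is only a first pass; confirm actual reachability from outside the network before closing out a device as internal-only.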
