KMW CCTV Security Cameras

CVSS 9.1 CRITICAL

Risk Summary

Successful exploitation of this vulnerability may grant full unauthorized access to camera feeds and settings.

CVE-2026-5386

KMW has issued a firmware update to address this vulnerability. The firmware update can be found at https://main.kmw.ro/pub/Firmware/521_421.zip.
KM-IP421 - will lose the cloud authorization after this update so users will need to contact customer support to re-authorize the P2P connection.
KMW recommends connecting surveillance equipment on a separate network, allow only specific devices access to the internet, check for firmware updates regularly, and use cloud connections responsibly.
If there are any issues customers are encouraged to contact KMW directly.

KMW

KMW · KM-IP521 IPCAM_V4.04.91.230307

KMW · KM-IP421 IPCAM_V4.04.53.210416

Commercial Facilities, Government Services and Facilities, Critical Manufacturing, Financial Services, Transportation Systems

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.