Successful exploitation of this vulnerability may grant full unauthorized access to camera feeds and settings.
The following versions of KMW CCTV Security Cameras are affected:
KM-IP521 IPCAM_V4.04.91.230307
KM-IP421 IPCAM_V4.04.53.210416
Vendor
Equipment
KMW
KMW CCTV Security Cameras
Unverified Password Change
Critical Infrastructure Sectors: Commercial Facilities, Government Services and Facilities, Critical Manufacturing, Financial Services, Transportation Systems
Countries/Areas Deployed: Worldwide
Company Headquarters Location: Romania
The affected product is vulnerable to a critical unauthenticated password reset. This flaw allows an attacker to remotely reset the administrator password to a known value without authentication, granting full access to the camera feeds and settings.
KMW CCTV Security Cameras
MitigationKMW has issued a firmware update to address this...