
CVE-2026-5386 -- CVSS 9.1 Vulnerability Briefing

CVE-2026-5386 | CVSS 9.1 (Critical) | Exploit: No known exploit

What Is It

CVE-2026-5386 is a critical unauthenticated password reset vulnerability affecting KMW CCTV security cameras, allowing remote attackers to take administrative control of affected devices without prior authentication.

Technical Detail

The flaw exists in the password reset functionality of KMW CCTV camera firmware, which fails to enforce authentication or verification before processing a reset request. An unauthenticated remote attacker can send a crafted request to the device's management interface to reset the administrator password to a known or attacker-controlled value, resulting in full administrative access to the device. This constitutes an authentication bypass leading to complete device compromise, enabling an attacker to alter camera configurations, access live or recorded video feeds, pivot to adjacent network segments, or incorporate the device into a botnet.

Exploitation Status

No exploit code has been publicly documented at this time, and the vulnerability is not currently listed in CISA's Known Exploited Vulnerabilities catalog. Exploit maturity is assessed as "no known exploit": active in-the-wild exploitation has not been confirmed as of June 05, 2026. However, the attack is trivial, requiring no credentials and no complex preconditions, so the barrier to exploitation is low and the risk of rapid weaponization is elevated.

Who Is Targeting This

There is no specific threat actor attribution at this time: no confirmed or reported threat actors have been linked to exploitation of this vulnerability. Given the device class, IoT-focused threat actors and botnet operators that have historically targeted internet-exposed cameras represent a plausible but unconfirmed threat profile.

What To Do

Apply any available firmware updates from KMW immediately, prioritizing internet-exposed devices. If a patch is not yet available, isolate affected cameras from direct internet access by placing them behind a firewall or network access control boundary, and restrict management interface access to trusted internal IP ranges only. Change any default or currently set administrator credentials as an interim measure, though this does not remediate the underlying flaw. Monitor device logs and network traffic for unexpected authentication events or outbound connections originating from camera management interfaces. Organizations should inventory all KMW CCTV deployments and assess exposure as a priority given the critical CVSS score of 9.1.
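
The monitoring and access-restriction steps above, as an added example that is not from KMW or the original briefing: a flow-log review that flags traffic reaching cameras from outside the trusted management range and connections initiated by the cameras themselves. The camera inventory, trusted range, permitted destinations and the record layout are assumptions, and the sample flows are constructed.

```python
import ipaddress

# Assumptions (hypothetical, not from the briefing): camera inventory, trusted
# management range, permitted camera destinations, and the flow-record layout.
CAMERAS = {ipaddress.ip_address(a) for a in ("10.20.0.11", "10.20.0.12")}
TRUSTED_MGMT = [ipaddress.ip_network("10.10.5.0/24")]
ALLOWED_OUTBOUND = {ipaddress.ip_address("10.10.5.20")}  # e.g. the site's recorder

# Constructed sample flow records: "timestamp initiator responder dest_port".
SAMPLE_FLOWS = """\
2026-06-05T08:00:01Z 10.10.5.14 10.20.0.11 443
2026-06-05T08:02:17Z 203.0.113.50 10.20.0.11 80
2026-06-05T08:02:40Z 10.20.0.11 198.51.100.7 8443
2026-06-05T08:03:05Z 10.20.0.12 10.10.5.20 554
2026-06-05T08:04:00Z 10.30.1.9 10.20.0.12 80
truncated-record 10.20.0.11
"""

def parse_flow(line):
    """Return (ts, src, dst, dport) or None if the record is malformed."""
    parts = line.split()
    if len(parts) != 4:
        return None
    try:
        return (parts[0], ipaddress.ip_address(parts[1]),
                ipaddress.ip_address(parts[2]), int(parts[3]))
    except ValueError:
        return None

def review_flows(text):
    """Return (findings, skipped): flagged flows and count of unparsable lines."""
    findings, skipped = [], 0
    for line in text.splitlines():
        if not line.strip():
            continue
        flow = parse_flow(line)
        if flow is None:
            skipped += 1  # surface parsing gaps instead of hiding them
            continue
        ts, src, dst, _dport = flow
        if dst in CAMERAS and not any(src in net for net in TRUSTED_MGMT):
            findings.append((ts, "untrusted-source-to-camera", str(src), str(dst)))
        elif src in CAMERAS and dst not in ALLOWED_OUTBOUND:
            findings.append((ts, "camera-initiated-outbound", str(src), str(dst)))
    return findings, skipped

if __name__ == "__main__":
    results, bad = review_flows(SAMPLE_FLOWS)
    for finding in results:
        print(*finding)
    print("unparsable records:", bad)
```

An internal source outside the management range (10.30.1.9 in the sample) is flagged the same way as an internet source, which matches the advice to restrict management access to trusted internal ranges only.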
