Critical KMW CCTV Flaw Allows Unauthorised Access to Surveillance Feeds

**Executive Summary:** A critical authentication-bypass vulnerability (CVE-2026-5386) in KMW CCTV cameras enables unauthorized password changes and potential full takeover of affected devices, risking exposure of live surveillance feeds and device configurations; CISA disclosed the issue (CVSS v3 9.1) affecting KM-IP521 and KM-IP421 firmware versions and recommends network segmentation, firewalling, VPNs, and monitoring—no active exploitation was reported at disclosure.