CVE-2026-5386

CVE-2026-5386 concerns KMW CCTV Security Cameras with a critical unauthenticated password reset that lets an attacker remotely reset the administrator password to a known value, granting full access to feeds and settings. The CVSS v3.1 vector (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N) yields a base sc...

CVE-2026-5386

The affected KMW CCTV Security Cameras are vulnerable to a critical unauthenticated password reset. This flaw allows an attacker to remotely reset the administrator password to a known value without authentication, granting full access to the camera feeds and settings...

PT-2026-44967

Name of the Vulnerable Software and Affected Versions KMW CCTV Security Cameras affected versions not specified Description An issue exists that allows an unauthenticated attacker to remotely reset the administrator password to a known value. This action grants full access to the camera settings...

From Ukraine to Iran, Hacking Security Cameras Is Now Part of War’s ‘Playbook’

New research shows hundreds of attempts by apparent Iranian state hackers to hijack consumer-grade cameras, timed to missile and drone strikes. Israel, Russia, and Ukraine have also adopted this trick...

CVE-2020-36873

Astak CM-818T3 2.4GHz wireless security surveillance cameras contain an unauthenticated configuration disclosure vulnerability in the /web/cgi-bin/hi3510/backup.cgi endpoint. The endpoint permits remote download of a compressed configuration backup without requiring authentication or authorizatio...

Microsoft Mitigates Record 15.72 Tbps DDoS Attack Driven by AISURU Botnet

Microsoft on Monday disclosed that it automatically detected and neutralized a distributed denial-of-service DDoS attack targeting a single endpoint in Australia that measured 15.72 terabits per second Tbps and nearly 3.64 billion packets per second pps. The tech giant said it was the largest DDo...

CVE-2025-35451

CVE-2025-35451 concerns PTZOptics and ValueHD-based pan-tilt-zoom cameras with hard-coded default administrative credentials. Affected devices expose SSH and/or Telnet on all interfaces, and the default passwords cannot be changed or the services disabled, enabling potential unauthorized admin ac...

The US Is Building a One-Stop Shop for Buying Your Data

Plus: A mysterious hacking group’s secret client is exposed, Signal takes a swipe at Microsoft Recall, Russian hackers target security cameras to spy on aid to Ukraine, and more...

Dahua Security Cameras Uncontrolled Resource Consumption (CVE-2019-9678)

Some Dahua products have the problem of denial of service during the login process. An attacker can cause a device crashed by constructing a malicious packet. Affected products include: IPC-HDW1X2X,IPC- HFW1X2X,IPC-HDW2X2X,IPC-HFW2X2X,IPC-HDW4X2X,IPC-HFW4X2X,IPC- HDBW4X2X,IPC-HDW5X2X,IPC-HFW5X2X...

Dahua Security Cameras Improper Authentication (CVE-2021-33044)

The identity authentication bypass vulnerability found in some Dahua products during the login process. Attackers can bypass device identity authentication by constructing malicious data packets. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for...

Dahua Security Cameras Improper Authentication (CVE-2021-33046)

Some Dahua products have access control vulnerability in the password reset process. Attackers can exploit this vulnerability through specific deployments to reset device passwords. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more...

Dahua Security Cameras Exposure of Sensitive Information to an Unauthorized Actor (CVE-2019-9680)

Some Dahua products have information leakage issues. Attackers can obtain the IP address and device model information of the device by constructing malicious data packets. Affected products include: IPC- HDW1X2X,IPC-HFW1X2X,IPC-HDW2X2X,IPC-HFW2X2X,IPC-HDW4X2X,IPC-...

Dahua Security Cameras Incorrect Default Permissions (CVE-2019-9682)

Dahua devices with Build time before December 2019 use strong security login mode by default, but in order to be compatible with the normal login of early devices, some devices retain the weak security login mode that users can control. If the user uses a weak security login method, an attacker c...

Dahua Security Cameras Insecure Storage of Sensitive Information (CVE-2017-7253)

Dahua IP Camera devices 3.200.0001.6 can be exploited via these steps: 1. Use the default low-privilege credentials to list all users via a request to a certain URI. 2. Login to the IP camera with admin credentials so as to obtain full control of the target IP camera. During exploitation, the fir...

Dahua Security Cameras Missing Authentication for Critical Function (CVE-2019-3948)

The Amcrest IP2M-841B V2.520.AC00.18.R, Dahua IPC-XXBXX V2.622.0000000.9.R, Dahua IPC HX5X3X and HX4X3X V2.800.0000008.0.R, Dahua DH-IPC HX883X and DH-IPC-HX863X V2.622.0000000.7.R, Dahua DH- SD4XXXXX V2.623.0000000.7.R, Dahua DH-SD5XXXXX V2.623.0000000.1.R, Dahua DH-SD6XXXXX V2.640.0000000.2.R a...

Burglars Using Wi-Fi Jammers to Disable Security Cameras

The arms race continues, as burglars are learning how to use jammers to disable Wi-Fi security cameras...

The Privacy Danger Lurking in Push Notifications

Plus: Apple warns about sideloading apps, a court orders NSO group to turn over the code of its Pegasus spyware, and an investigation finds widely available security cams are wildly insecure...

A Tiny Blog Took on Big Surveillance in China—and Won

Digging through manuals for security cameras, a group of gearheads found sinister details and ignited a new battle in the US-China tech war...

ALPHV ransomware gang claims it has hacked Amazon’s Ring

By Deeba Ahmed ALPHV ransomware group threatens to leak sensitive data allegedly stolen from amazon's ring security cameras unless demands are met. This is a post from HackRead.com Read the original post: ALPHV ransomware gang claims it has hacked Amazons Ring...

“Ethnicity recognition” tool listed on surveillance camera app store built by fridge-maker’s video analytics startup

The bizarre promotional video promises “Face analysis based on best of breed Artificial Intelligence algorithms for Business Intelligence and Digital Signage applications.” What follows is footage of a woman pushing her hair behind her ears, a man grimacing and baring his teeth, and an actor in a...