FeedVulnerabilityXiongmai IP Camera Vulnerability Let Attackers Bypass Authen...
VulnerabilityCyber Security News
9.8CRITICAL

Xiongmai IP Camera Vulnerability Let Attackers Bypass Authentication and have Remote Access

📅 24 April 2026 at 11:40 UTC📰 Cyber Security NewsView original source ↗
Xiongmai IP Camera Vulnerability Let Attackers Bypass Authentication and have Remote Access

Security cameras are designed to keep commercial facilities safe. However, a newly disclosed critical vulnerability in Hangzhou Xiongmai Technology’s XM530 IP Cameras is putting networks at risk. Tracked under the alert code ICSA-26-113-05 and officially designated as CVE-2025-65856, this flaw allows cybercriminals to bypass authentication entirely. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued […] The post Xiongmai IP Camera Vulnerability Let Attackers Bypass Authentication and have Remote Access appeared first on Cyber Security News.

🤖 AI BriefingAuto-generated threat analysis
🔍Threat Overview

A critical authentication bypass vulnerability (CVE-2025-65856) in Xiongmai XM530 IP cameras allows unauthenticated remote attackers to access sensitive device information and live video streams, putting networks at risk.

⚙️Technical Details
💥Impact Assessment
Severity: Critical
Who Is at Risk
Commercial facilities with Xiongmai XM530 IP cameras
🛡️Recommended Actions
1Immediately update firmware to version V5.00.R02.000807D8.10010.346624.S.ONVIF 21.06 or later
2Disable remote access and authentication for non-essential users
3Monitor network activity for suspicious login attempts
📦Affected Products
Xiongmaitech Xm530V200 X6-Weq 8MXiongmaitech Xm530V200 X6-Weq 8M Firmware
🔐NVD Verified DataVERIFIED
CVE-2025-65856CVSS 9.8CRITICAL
Attack Vector
NETWORK
Complexity
LOW
Vector String
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Weaknesses
CWE-306
Affected Products (CPE)
Xiongmaitech Xm530V200 X6-Weq 8MXiongmaitech Xm530V200 X6-Weq 8M Firmware

Read the full article

This is a curated summary. The complete article is available at Cyber Security News.

Read on Cyber Security News
← Back to feed