Xiongmai IP Camera Flaw Allows Remote Access & Auth

A critical vulnerability has been disclosed in Hangzhou Xiongmai Technology’s XM530 IP Cameras, undermining the very security they are designed to provide. These devices, intended to safeguard commercial facilities, now put those networks at significant risk.

Tracked under the alert code ICSA-26-113-05 and officially designated as CVE-2025-65856, this flaw allows cybercriminals to bypass authentication entirely.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued an urgent alert on April 23, 2026, warning organizations worldwide about the severe risk of unauthorized remote access.

The core issue stems from a missing authentication check for a critical function within the camera’s firmware. In simple terms, the device software fails to properly verify if a user has the correct login credentials before granting administrative access.

Because of this oversight, the vulnerability has a maximum CVSS v3 score of 9.8 out of 10, placing it in the critical security threat category.

This flaw specifically affects the XM530V200_X6-WEQ_8M firmware version V5.00.R02.000807D8.10010. 346624.S. ONVIF_21.06.

If successfully exploited, an unauthenticated hacker on the network can seamlessly bypass login screens to view live video feeds, control camera settings, or extract sensitive data directly from the hardware.

Public Exploit Code Available

Security researcher Luis Miranda Acebedo authored and published a working Proof of Concept (PoC) exploit for this vulnerability. CISA discovered this public code and quickly reported it to MITRE for official tracking.

While CISA notes that no active cyberattacks targeting this specific flaw have been reported in the wild yet, the public availability of a PoC significantly raises the threat level.

It provides a blueprint that makes it incredibly easy for bad actors to launch automated attacks.

Since Xiongmai IP cameras are heavily deployed across commercial facilities worldwide, thousands of businesses could be unknowingly exposed to unauthorized surveillance.

Because these Internet of Things (IoT) devices are often placed in sensitive locations, organizations must take immediate defensive action to prevent potential breaches.

CISA recommends that network administrators implement the following protective measures immediately to secure their environments:

• Disconnect control system devices from the public internet to completely minimize network exposure.
• Place camera networks and remote devices behind strict firewalls to isolate them from internal business networks.
• Use secure Virtual Private Networks (VPNs) when remote access to the cameras is necessary.
• Update all VPN software to the most current versions to prevent secondary intrusion tactics.
• Perform a thorough impact analysis and risk assessment before deploying any new defensive network measures.
• Educate staff to avoid clicking suspicious web links or email attachments to prevent related social engineering attacks.

Disclaimer: HackersRadar reports on cybersecurity threats and incidents for informational and awareness purposes only. We do not engage in hacking activities, data exfiltration, or the hosting or distribution of stolen or leaked information. All content is based on publicly available sources.