Summary
Successful exploitation of this vulnerability could allow an attacker to bypass authentication and have remote access to sensitive information on the device.
The following versions of Hangzhou Xiongmai Technology Co., Ltd XM530 IP Camera are affected:
- IP Camera XM530V200_X6-WEQ_8M firmware V5.00.R02.000807D8.10010.346624.S.ONVIF_21.06 (CVE-2025-65856)
| CVSS | Vendor | Equipment | Vulnerabilities |
|---|---|---|---|
| v3 9.8 | Hangzhou Xiongmai Technology Co., Ltd | Hangzhou Xiongmai Technology Co., Ltd XM530 IP Camera | Missing Authentication for Critical Function |
Background
- Critical Infrastructure Sectors: Commercial Facilities
- Countries/Areas Deployed: Worldwide
- Company Headquarters Location: China
Vulnerabilities
CVE-2025-65856
Authentication bypass vulnerability in Xiongmai XM530 IP cameras on Firmware V5.00.R02.000807D8.10010.346624.S.ONVIF 21.06 allows unauthenticated remote attackers to access sensitive device information and live video streams. The ONVIF implementation fails to enforce authentication on 31 critical endpoints, enabling direct unauthorized video stream access.
Affected Products
Hangzhou Xiongmai Technology Co., Ltd XM530 IP Camera
Hangzhou Xiongmai Technology Co., Ltd
Hangzhou Xiongmai Technology Co., Ltd IP Camera XM530V200_X6-WEQ_8M firmware: V5.00.R02.000807D8.10010.346624.S.ONVIF_21.06
known_affected
Remediations
Mitigation
Hangzhou Xiongmai Technology Co., Ltd has not responded to requests to work with CISA to mitigate this vulnerability. Users of affected versions of XM530 IP cameras are invited to contact Xiongmai Technology customer support for additional information (https://www.xiongmaitech.com/en/index.php/about/contact/42).
https://www.xiongmaitech.com/en/index.php/about/contact/42
Relevant CWE: CWE-306 Missing Authentication for Critical Function
Metrics
| CVSS Version | Base Score | Base Severity | Vector String |
|---|---|---|---|
| 3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Acknowledgments
- CISA discovered a public Proof of Concept (PoC) as authored by Luis Miranda Acebedo and reported it to MITRE
Legal Notice and Terms of Use
This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy & Use policy (https://www.cisa.gov/privacy-policy).
Recommended Practices
CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability.
Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet.
Locate control system networks and remote devices behind firewalls and isolating them from business networks.
When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices.
CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber de
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
Read the original article: