The issue allows remote attackers to bypass authentication mechanisms and gain unauthorized access to sensitive device data.
The Cybersecurity and Infrastructure Security Agency (CISA) officially disclosed the vulnerability on April 23, 2026, warning organizations about the potential impact.
These cameras are widely used across commercial environments, making the flaw particularly concerning for enterprise security teams.
The vulnerability is tracked as CVE-2025-65856 and has been assigned a CVSS v3 score of 9.8, indicating critical severity.
The root cause is a missing authentication check in a key function of the device firmware.
Because of this flaw, attackers need no valid credentials to interact with the affected system.
This lets them remotely read sensitive information, change device settings, or potentially use the compromised camera as a pivot point into the rest of the network.
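The weakness class described above, a privileged function reachable without any authentication check, is easiest to see side by side with its fix. The following is an added illustration written for this article; it is not Xiongmai firmware code and assumes a hypothetical request dispatcher, hypothetical API paths and a constructed session token. The vulnerable dispatcher calls privileged handlers directly; the hardened one keeps a route table in which every route is private unless explicitly marked public, and runs the session check before any handler is reached.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample session token for the illustration (not a real value). */
#define SESSION_TOKEN_SAMPLE "sess-8f3a2c9e"

typedef enum { R_OK = 200, R_UNAUTHORIZED = 401, R_NOT_FOUND = 404 } result_t;

/* Hypothetical privileged operations: reaching them at all is the point. */
static result_t handle_device_info(void) { return R_OK; }
static result_t handle_set_config(void)  { return R_OK; }
static result_t handle_login(void)       { return R_OK; }

/* Compare a presented token against the expected one without an early exit
 * on the first mismatching byte, so the comparison does not leak by timing.
 * (The length check still leaks length, which is acceptable for opaque tokens.) */
static bool token_matches(const char *given, const char *expected) {
    if (given == NULL) return false;
    size_t n = strlen(expected);
    if (strlen(given) != n) return false;
    unsigned char diff = 0;
    for (size_t i = 0; i < n; i++)
        diff |= (unsigned char)(given[i] ^ expected[i]);
    return diff == 0;
}

/* VULNERABLE: the session token is never consulted, so an anonymous request
 * reaches the privileged handlers. This is the missing-authentication pattern. */
result_t dispatch_vulnerable(const char *path, const char *token) {
    (void)token;  /* the check that should be here is simply absent */
    if (strcmp(path, "/api/device/info") == 0)   return handle_device_info();
    if (strcmp(path, "/api/device/config") == 0) return handle_set_config();
    return R_NOT_FOUND;
}

/* HARDENED: a route table in which routes are private unless explicitly
 * marked public, with the authentication gate applied before any handler. */
typedef struct {
    const char *path;
    bool public_route;          /* only login-style endpoints are public */
    result_t (*handler)(void);
} route_t;

static const route_t ROUTES[] = {
    { "/api/login",         true,  handle_login },
    { "/api/device/info",   false, handle_device_info },
    { "/api/device/config", false, handle_set_config },
};

result_t dispatch_hardened(const char *path, const char *token) {
    for (size_t i = 0; i < sizeof ROUTES / sizeof ROUTES[0]; i++) {
        if (strcmp(path, ROUTES[i].path) != 0) continue;
        /* Fail closed: every non-public route requires a valid session. */
        if (!ROUTES[i].public_route && !token_matches(token, SESSION_TOKEN_SAMPLE))
            return R_UNAUTHORIZED;
        return ROUTES[i].handler();
    }
    return R_NOT_FOUND;
}

int main(void) {
    printf("vulnerable, anonymous /api/device/info -> %d\n",
           dispatch_vulnerable("/api/device/info", NULL));
    printf("hardened,   anonymous /api/device/info -> %d\n",
           dispatch_hardened("/api/device/info", NULL));
    printf("hardened,   valid session /api/device/config -> %d\n",
           dispatch_hardened("/api/device/config", SESSION_TOKEN_SAMPLE));
    return 0;
}
```

The design point is that the check lives in the dispatcher, not in each handler: a new privileged route added to the table is protected by default, whereas in the vulnerable version every handler has to remember to authenticate on its own.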
The affected device version includes:
Although CISA has stated that there is currently no evidence of active exploitation in the wild, the risk remains high due to the nature of the vulnerability.
Security researcher Luis Miranda Acebedo has developed and shared a public Proof of Concept (PoC) exploit, which has been reported to MITRE. The availability of this PoC significantly lowers the technical barrier for threat actors.
Attackers can now easily scan the internet for vulnerable devices and attempt exploitation without needing to develop their own attack methods.
This increases the likelihood of opportunistic attacks targeting exposed IP cameras globally.
CISA strongly urges organizations to take immediate defensive actions instead of waiting for an official firmware patch.
Key recommendations include:
Additionally, organizations should perform risk assessments before implementing changes and ensure proper network segmentation to limit potential damage.
Beyond technical controls, CISA emphasizes the importance of employee awareness. Staff should remain cautious of phishing attempts and avoid interacting with suspicious links or attachments that may facilitate further compromise.
Organizations detecting unusual or malicious activity related to these devices are encouraged to report incidents to CISA. This helps improve threat tracking and supports broader incident response efforts.
The post Critical Xiongmai IP Camera Flaw Lets Attackers Bypass Authentication and Gain Remote Access appeared first on Cyber Security News.