Hangzhou Xiongmai Technology Co., Ltd XM530 IP Camera
p a href="https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-113-05.json" strong View CSAF /strong /a /p h2 Summary /h2 p strong Successful exploitation of this vulnerability could allow an attacker to bypass authentication and have remote access to sensitive information on the device. /strong /p p The following versions of Hangzhou Xiongmai Technology Co., Ltd XM530 IP Camera are affected: /p ul li IP Camera XM530V200_X6-WEQ_8M firmware V5.00.R02.000807D8.10010.346624.S.ONVIF_21.06 (CVE-2025-65856) /li /ul div class="csaf-table" table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap thead tr th role="columnheader" data-tablesaw-priority="persist" CVSS /th th role="columnheader" Vendor /th th role="columnheader" Equipment /th th role="columnheader" Vulnerabilities /th /tr /thead tbody tr td v3 9.8 /td td Hangzhou Xiongmai Technology Co., Ltd /td td Hangzhou Xiongmai Technology Co., Ltd XM530 IP Camera /td td Missing Authentication for Critical Function /td /tr /tbody /table /div h3 Background /h3 ul li strong Critical Infrastructure Sectors: /strong Commercial Facilities /li li strong Countries/Areas Deployed: /strong Worldwide /li li strong Company Headquarters Location: /strong China /li /ul hr h2 Vulnerabilities /h2 div class="csaf-accordion" p a class="csaf-accordion-toggle-all" href="#" Expand All + /a /p div class="csaf-accordion-item" h3 a class="csaf-accordion-toggle" href="#" CVE-2025-65856 /a /h3 div class="csaf-accordion-content" p Authentication bypass vulnerability in Xiongmai XM530 IP cameras on Firmware V5.00.R02.000807D8.10010.346624.S.ONVIF 21.06 allows unauthenticated remote attackers to access sensitive device information and live video streams. The ONVIF implementation fails to enforce authentication on 31 critical endpoints, enabling direct unauthorized video stream access. /p p a href="https://www.cve.org/CVERecord?id=CVE-2025-65856" View CVE Details /a /p hr h4 Affected Products /h4 h5 Hangzhou Xiongmai Technology Co., Ltd XM530 IP Camera /h5 div class="ics-vendor-version-status" div class="ics-vendor" strong Vendor: /strong br Hangzhou Xiongmai Technology Co., Ltd /div div class="ics-version" strong Product Version: /strong br Hangzhou Xiongmai Technology Co., Ltd IP Camera XM530V200_X6-WEQ_8M firmware: V5.00.R02.000807D8.10010.346624.S.ONVIF_21.06 /div div class="ics-status" strong Product Status: /strong br known_affected /div /div div class="ics-remediations" h6 Remediations /h6 p strong Mitigation /strong br Hangzhou Xiongmai Technology Co., Ltd has not responded to requests to work with CISA to mitigate this vulnerability. Users of affected versions of XM530 IP cameras are invited to contact Xiongmai Technology customer support for additional information (https://www.xiongmaitech.com/en/index.php/about/contact/42). br a href="https://www.xiongmaitech.com/en/index.php/about/contact/42" https://www.xiongmaitech.com/en/index.php/about/contact/42 /a /p /div p stro
Sign in to read the full article
Create a free account to access all news, downloads, and community features
Originally published by CISA
Source: https://www.cisa.gov/news-events/ics-advisories/icsa-26-113-05
This article is shared for informational purposes. All rights belong to the original author and publisher. If you are the copyright holder and would like this content removed, please contact us.