You are using an out of date browser. It may not display this or other websites correctly. You should upgrade or use an alternative browser.
onvif authentication bypass
About this tag
The onvif authentication bypass tag covers a critical security vulnerability in Hangzhou Xiongmai XM530 IP cameras, as detailed in a CISA ICS advisory. The flaw, rated CVSS 9.8, allows unauthenticated attackers to access sensitive device information and live video streams via ONVIF protocol. The affected firmware version is V5.00.R02.000807D8.10010.346624.S.ONVIF_21.06, and the issue is classified as CWE-306 Missing Authentication for Critical Function. CISA notes that the vendor has not responded to mitigation requests, and recommends keeping devices off the internet and behind firewalls. This tag is relevant for security professionals and IT administrators managing ONVIF-compatible surveillance equipment.
The latest CISA ICS advisory on the Hangzhou Xiongmai Technology Co., Ltd. XM530 IP Camera describes a severe authentication bypass that could let an unauthenticated attacker reach sensitive device information and live video streams. CISA says the affected firmware is...