onvif authentication bypass

About this tag
The onvif authentication bypass tag covers a critical security vulnerability in Hangzhou Xiongmai XM530 IP cameras, as detailed in a CISA ICS advisory. The flaw, rated CVSS 9.8, allows unauthenticated attackers to access sensitive device information and live video streams via ONVIF protocol. The affected firmware version is V5.00.R02.000807D8.10010.346624.S.ONVIF_21.06, and the issue is classified as CWE-306 Missing Authentication for Critical Function. CISA notes that the vendor has not responded to mitigation requests, and recommends keeping devices off the internet and behind firewalls. This tag is relevant for security professionals and IT administrators managing ONVIF-compatible surveillance equipment.
  1. CISA Critical Auth Bypass Flaw in Hangzhou XM530 IP Cameras via ONVIF

    The latest CISA ICS advisory on the Hangzhou Xiongmai Technology Co., Ltd. XM530 IP Camera describes a severe authentication bypass that could let an unauthenticated attacker reach sensitive device information and live video streams. CISA says the affected firmware is...