CRITICAL🇵🇱 Wersja polska

CVE-2025-65856

CVSS 9.8v3.1pub. 2025-12-22upd. 2026-07-05

Authentication bypass vulnerability in Xiongmai XM530 IP cameras on Firmware V5.00.R02.000807D8.10010.346624.S.ONVIF 21.06 allows unauthenticated remote attackers to access sensitive device information and live video streams. The ONVIF implementation fails to enforce authentication on 31 critical endpoints, enabling direct unauthorized video stream access.

🤖 AI Analysis
How it works

The implementation of the ONVIF protocol in the camera's firmware does not enforce authentication on 31 critical endpoints. An attacker can directly send requests to these endpoints without providing any authentication credentials. As a result, unauthorized access to video streams and device information over the network is possible without any user interaction.

Impact

An attacker can gain unauthorized access to live video streams and sensitive device information, leading to violation of confidentiality of monitored areas and potential exposure of camera configuration data.

Mitigation & patch

Apply patches available from the manufacturer according to the references. Until updates are deployed, it is recommended to isolate cameras from the public network, use a firewall blocking access to ONVIF ports from untrusted networks, and place devices in a dedicated VLAN network segment with restricted access.

Who is affected

Xiongmai XM530 IP cameras (Xiongmaitech Xm530V200 X6-Weq 8M) with firmware version V5.00.R02.000807D8.10010.346624.S.ONVIF 21.06

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Xiongmaitech Xm530v200 X6 Weq 8m

    HW
    Xiongmaitech
    wszystkie wersje
  • Xiongmaitech Xm530v200 X6 Weq 8m Firmware

    OS
    Xiongmaitech
    5.00.r02.000807d8.10010.346624.s.onvif_21.06
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Auth Bypass
CWE
References

Related vulnerabilities

CVE-2025-65857HIGH7.5ten sam produkt

An issue was discovered in Xiongmai XM530 IP cameras on firmware V5.00.R02.000807D8.10010.346624.S.ONVIF 21.06...

CVE-2022-45460CRITICAL9.8ten sam vendor

Multiple Xiongmai NVR devices, including MBD6304T V4.02.R11.00000117.10001.131900.00000 and NBD6808T-PL V4.02....

CVE-2021-41506CRITICAL9.8ten sam vendor

Xiaongmai AHB7008T-MH-V2, AHB7804R-ELS, AHB7804R-MH-V2, AHB7808R-MS-V2, AHB7808R-MS, AHB7808T-MS-V2, AHB7804R-...

CVE-2020-22253CRITICAL9.8ten sam vendor

Xiongmai Technology Co devices AHB7008T-MH-V2, AHB7804R-ELS, AHB7804R-MH-V2, AHB7808R-MS-V2, AHB7808R-MS, AHB7...

CVE-2018-17915CRITICAL9.8ten sam vendor

All versions of Hangzhou Xiongmai Technology Co., Ltd XMeye P2P Cloud Server do not encrypt all device communi...