Perceptive Security
SOC/SIEM Consultancy
Milesight Cameras
Published:
23 April 2026 at 12:00:00
Alert date:
23 April 2026 at 17:04:31
Source:
cisa.gov
Mobile & IoT, Critical Infrastructure
Multiple critical vulnerabilities affecting over 70 models of Milesight AIOT cameras including authorization bypass, hard-coded credentials, cryptographic key issues, command injection, and heap-based buffer overflow. CVSS scores range from 6.8 to 9.8. Successful exploitation could crash devices or allow remote code execution. Affects commercial facilities sector worldwide with company headquarters in China.
Technical details
Mitigation steps:
Affected products:
Milesight Cameras
Related links:
https://www.cisa.gov/news-events/ics-advisories/icsa-26-113-03
https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-113-03.json
https://www.milesight.com/support/download/firmware
https://www.cve.org/CVERecord?id=CVE-2026-28747
https://www.cve.org/CVERecord?id=CVE-2026-27785
https://www.cve.org/CVERecord?id=CVE-2026-32644
https://www.cve.org/CVERecord?id=CVE-2026-32649
https://www.cve.org/CVERecord?id=CVE-2026-20766
https://cwe.mitre.org/data/definitions/639.html
https://cwe.mitre.org/data/definitions/798.html
https://cwe.mitre.org/data/definitions/321.html
https://cwe.mitre.org/data/definitions/78.html
https://cwe.mitre.org/data/definitions/122.html
https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
https://www.milesight.com/legal/vulnerability-report
mailto:security@milesight.com
Related CVE's:
Related threat actors:
IOC's:
This article was created with the assistance of AI technology by Perceptive.