top of page
perceptive_background_267k.jpg

Specific firmware versions of Milesight AIOT cameras use SSL certificates with default private keys.

Published:

27 April 2026 at 22:00:00

Alert date:

28 April 2026 at 02:02:55

Source:

nvd.nist.gov

Click to open the original link from this advisory

Mobile & IoT, Critical Infrastructure

Specific firmware versions of Milesight AIOT cameras contain a critical security vulnerability where SSL certificates are configured with default private keys. This vulnerability allows attackers to potentially intercept and decrypt SSL/TLS communications by using the known default private keys. The issue affects multiple firmware versions of Milesight AIOT camera products and poses a significant risk to secure communications. Organizations using affected Milesight AIOT cameras should update their firmware immediately to versions that generate unique SSL certificates with proper private keys.

Technical details

Mitigation steps:

Affected products:

Milesight AIOT cameras

Related links:

https://nvd.nist.gov/vuln/detail/CVE-2026-32644
https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-113-03.json
https://www.cisa.gov/news-events/ics-advisories/icsa-26-113-03
https://www.milesight.com/support/download/firmware

Related CVE's:

Related threat actors:

IOC's:

This article was created with the assistance of AI technology by Perceptive.

About us

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

Disclaimer: Deze website toont informatie afkomstig van externe bronnen. Perceptive aanvaardt geen verantwoordelijkheid voor de inhoud, juistheid of volledigheid van deze informatie.

bottom of page