THREATNOIR
Subscribe
Back to Feed
VulnerabilitiesApr 23, 2026

Milesight Cameras

Five critical vulnerabilities in Milesight cameras allow RCE, credential bypass, and memory corruption.

Read at source

Summary

CISA published an advisory for five critical vulnerabilities affecting over 60 Milesight camera models and firmware versions worldwide. The vulnerabilities include weak key generation (CVE-2026-28747), hard-coded credentials (CVE-2026-27785), default SSL certificate keys (CVE-2026-32644), OS command injection (CVE-2026-32649), and heap-based buffer overflow (CVE-2026-20766), all enabling remote code execution or device crash. Milesight has released firmware patches and advises immediate updates.

Full text

ICS Advisory Milesight Cameras Release DateApril 23, 2026 Alert CodeICSA-26-113-03 Related topics: Industrial Control System Vulnerabilities, Industrial Control Systems View CSAF Summary Successful exploitation of these vulnerabilities could crash the device being accessed or allow remote code execution. The following versions of Milesight Cameras are affected: MS-Cxx63-PD <=51.7.0.77-r12 (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766) MS-Cxx64-xPD <=51.7.0.77-r12 (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766) MS-Cxx73-xPD <=51.7.0.77-r12 (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766) MS-Cxx75-xxPD <=51.7.0.77-r12 (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766) MS-Cxx83-xPD <=51.7.0.77-r12 (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766) MS-Cxx74-PA <=3x.8.0.3-r11 (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766) MS-C8477-HPG1 <=63.8.0.4-r3 (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766) MS-C8477-PC <=48.8.0.4-r3 (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766) MS-C5321-FPE <=62.8.0.4-r5 (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766) MS-Cxx72-xxxPE <=61.8.0.5-r2 (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766) MS-Cxx62-xxxPE <=61.8.0.5-r2 (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766) MS-Cxx52-xxxPE <=61.8.0.5-r2 (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766) MS-Cxx66-xxxPE <=61.8.0.5-r2 (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766) MS-Cxx66-xxxGPE <=61.8.0.5-r2 (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766) MS-Cxx61-xxxPE <=61.8.0.5-r2 (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766) MS-Cxx67-xxxPE <=61.8.0.5-r2 (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766) MS-Cxx71-xxxPE <=61.8.0.5-r2 (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766) MS-Cxx41-xxxPE <=61.8.0.5-r2 (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766) MS-Cxx76-PE <=61.8.0.5-r2 (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766) MS-Cxx65-PE <=61.8.0.5-r2 (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766) MS-Cxx66-xxxG1 <=63.8.0.5-r3 (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766) MS-Cxx62-xxxG1 <=63.8.0.5-r3 (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766) MS-Cxx72-xxxG1 <=63.8.0.5-r3 (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766) MS-CQxx31-xxxG1 <=CQ_63.8.0.5-r1 (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766) MS-CQxx68-xxxG1 <=CQ_63.8.0.5-r1 (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766) MS-CQxx72-xxxG1 <=CQ_63.8.0.5-r1 (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766) MS-Nxxxx-NxE <=7x.9.0.19-r5 (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766) MS-Nxxxx-xxC <=7x.9.0.19-r5 (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766) MS-Nxxxx-xxE <=7x.9.0.19-r5 (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766) MS-Nxxxx-xxG <=7x.9.0.19-r5 (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766) MS-Nxxxx-xxH <=7x.9.0.19-r5 (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766) MS-Nxxxx-xxT <=7x.9.0.19-r5 (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766) PMC8266-FPE <=PO_61.8.0.4_LPR (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766) PMC8266-FGPE <=PO_61.8.0.4_LPR (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766) PM3322-E <=PI_61.8.0.3_LPR-r3 (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766) TS4466-X4RIPG1 <=T_63.8.0.4_LPR-r3 (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766) TS5366-X12RIPG1 <=T_63.8.0.4_LPR-r3 (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766) TS8266-X4RIPG1 <=T_63.8.0.4_LPR-r3 (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766) TS4466-X4RIVPG1 <=T_63.8.0.4_LPR-r3 (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766) TS4466-RFIVPG1 <=T_63.8.0.4_LPR-r3 (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766) TS8266-X4RIVPG1 <=T_63.8.0.4_LPR-r3 (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766) TS8266-RFIVPG1 <=T_63.8.0.4_LPR-r3 (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766) TS4466-X4RIWG1 <=T_63.8.0.4_LPR-r3 (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766) TS8266-X4RIWG1 <=T_63.8.0.4_LPR-r3 (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766) TS5510-GVH <=T_47.8.0.4_LPR-r7 (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766) TS5510-GH <=T_47.8.0.4_LPR-r6 (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766) TS5511-GVH <=T_47.8.0.4_LPR-r6 (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766) TS2966-X12TPE <=T_61.8.0.4_LPR-r3 (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766) TS4466-X4RPE <=T_61.8.0.4_LPR-r3 (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766) TS5366-X12PE <=T_61.8.0.4_LPR-r3 (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766) TS8266-X4PE <=T_61.8.0.4_LPR-r3 (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766) TS2966-X12TVPE <=T_61.8.0.4_LPR-r3 (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766) TS4466-X4RVPE <=T_61.8.0.4_LPR-r3 (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766) TS5366-X12VPE <=T_61.8.0.4_LPR-r3 (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766) TS8266-X4VPE <=T_61.8.0.4_LPR-r3 (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766) TS4441-X36RPE <=T_61.8.0.4_LPR-r3 (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766) TS4441-X36RE <=T_61.8.0.4_LPR-r3 (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766) TS4466-X4RWE <=T_61.8.0.4_LPR-r3 (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766) TS8266-X4WE <=T_61.8.0.4_LPR-r3 (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766) MS-C2964-RFLPC <=T_45.8.0.3-r9 (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766) MS-C2972-RFLPC <=T_45.8.0.3-r9 (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766) MS-C2966-RFLWPC <=T_45.8.0.3-r9 (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766) TS2866-X4TPC <=T_45.8.0.3-r9 (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766) TS2866-X4TVPC <=T_45.8.0.3-r9 (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766) TS2866-X4TGPC <=T_45.8.0.3-r9 (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766) TS2841-X36TPC <=T_45.8.0.3-r9 (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766) TS2841-X36TPC/W <=T_45.8.0.3-r9 (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766) TS2867-X5TPC <=T_45.8.0.3-r9 (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766) TS2961-X12TPC <=T_45.8.0.3-r9 (C

Indicators of Compromise

  • cve — CVE-2026-28747
  • cve — CVE-2026-27785
  • cve — CVE-2026-32644
  • cve — CVE-2026-32649
  • cve — CVE-2026-20766

Entities

Milesight (vendor)Milesight Cameras (product)AIOT (Artificial IoT) (technology)Camera Firmware (technology)