Critical Vulnerabilities in Milesight Cameras Enable Remote Attacks

---
title: "Critical Vulnerabilities in Milesight Cameras Enable Remote Attacks"
short_title: "Milesight cameras hit by critical flaws"
description: "Five severe vulnerabilities in Milesight cameras allow remote code execution, device crashes, and unauthorized access. Update firmware now to secure systems."
author: "Vitus"
date: 2024-10-02
categories: [Cybersecurity, Vulnerabilities]
tags: [milesight, cve-2026, iot-security, rce, hardcoded-credentials]
score: 0.92
cve_ids: [CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766]
---

## TL;DR
Five critical vulnerabilities in Milesight AIOT cameras, including hardcoded credentials and command injection flaws, expose devices to remote code execution (RCE) and crashes. Over 70 camera models are affected worldwide, with patches available. Organizations must update firmware immediately to mitigate risks.


## Main Content

Milesight, a global provider of AI-powered surveillance solutions, has disclosed five severe vulnerabilities in its AIOT camera firmware. These flaws, identified as CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, and CVE-2026-20766, enable attackers to bypass authorization, execute arbitrary code, and compromise device integrity. Successful exploitation could lead to remote code execution (RCE), device crashes, or unauthorized access to sensitive surveillance feeds.

### Key Points
- 70+ Milesight camera models are affected, including industrial, commercial, and AIOT-specific devices.
- Vulnerabilities include hardcoded credentials, command injection, and heap-based buffer overflows, with CVSS scores up to 9.8 (Critical).
- Exploitation could allow attackers to take control of cameras, disrupt operations, or pivot to broader network attacks.
- Patches are available for all affected firmware versions. Users must update immediately to secure their systems.
- No known public exploitation has been reported, but the severity of these flaws demands urgent action.


### Technical Details

#### 1. Vulnerability Breakdown
The vulnerabilities are categorized as follows:

| CVE ID | Type | CVSS Score | Severity | Impact |
|--------------------|-----------------------------------------------|----------------|---------------|---------------------------------------------------------------------------|
| CVE-2026-28747 | Authorization Bypass Through User-Controlled Key | 7.1 | High | Unauthorized access to camera functions and data. |
| CVE-2026-27785 | Use of Hard-coded Credentials | 8.8 | High | Attackers can log in using default credentials, gaining full control. |
| CVE-2026-32644 | Use of Hard-coded Cryptographic Key | 9.8 | Critical | Compromises encrypted communications, enabling man-in-the-middle attacks. |
| CVE-2026-32649 | OS Command Injection | 6.8 | Medium | Arbitrary command execution on the device, leading to RCE. |
| CVE-2026-20766 | Heap-based Buffer Overflow | 8.8 | High | Crashes the device or enables RCE through memory corruption. |

#### 2. Affected Systems
The vulnerabilities impact a wide range of Milesight camera models, including but not limited to:
- AIOT Series: MS-Cxx63-PD, MS-Cxx64-xPD, MS-Cxx73-xPD, MS-Cxx75-xxPD, MS-Cxx83-xPD.
- Industrial Series: MS-C8477-HPG1, MS-C8477-PC, MS-C5321-FPE.
- Commercial Series: MS-Cxx72-xxxPE, MS-Cxx62-xxxPE, MS-Cxx52-xxxPE.
- License Plate Recognition (LPR) Series: PMC8266-FPE, PM3322-E, TS4466-X4RIPG1.
- Specialized Models: SC211, SP111, and various firmware packages (e.g., MS-Cxx66-RFIPKG1).

A full list of affected models and firmware versions is available in the CISA advisory.
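
The model patterns above can be used for a first-pass inventory triage. The following is an added example, not code from Milesight or CISA. It assumes each run of lowercase `x` in a pattern is a placeholder for that many (or fewer) letters or digits, and the hostnames and model strings in the inventory are constructed sample data. A match only means the device belongs to a listed family and its firmware version needs checking against the advisory.

```python
import re

# Model patterns copied from the "Affected Systems" list above. The list is
# partial; the CISA advisory carries the full set and the fixed versions.
AFFECTED = {
    "AIOT": ["MS-Cxx63-PD", "MS-Cxx64-xPD", "MS-Cxx73-xPD",
             "MS-Cxx75-xxPD", "MS-Cxx83-xPD"],
    "Industrial": ["MS-C8477-HPG1", "MS-C8477-PC", "MS-C5321-FPE"],
    "Commercial": ["MS-Cxx72-xxxPE", "MS-Cxx62-xxxPE", "MS-Cxx52-xxxPE"],
    "LPR": ["PMC8266-FPE", "PM3322-E", "TS4466-X4RIPG1"],
    "Specialized": ["SC211", "SP111", "MS-Cxx66-RFIPKG1"],
}

def pattern_to_regex(pattern):
    """Assumption: a run of n lowercase 'x' stands for 1..n letters/digits;
    everything else, including uppercase 'X', is literal."""
    parts = re.split(r"(x+)", pattern)
    body = "".join(
        "[A-Z0-9]{1,%d}" % len(p) if p.startswith("x") else re.escape(p)
        for p in parts
    )
    return re.compile(body)

COMPILED = [(series, pat, pattern_to_regex(pat))
            for series, pats in AFFECTED.items() for pat in pats]

def triage(inventory):
    """Map host -> (series, pattern) for models matching an affected pattern."""
    hits = {}
    for host, model in inventory:
        normalized = model.strip().upper()  # tolerate case/whitespace drift
        for series, pat, rx in COMPILED:
            if rx.fullmatch(normalized):
                hits[host] = (series, pat)
                break
    return hits

# Constructed inventory (hostnames and model strings are sample data).
INVENTORY = [
    ("cam-lobby-01", "MS-C2964-RPD"),
    ("cam-dock-02", " ms-c8477-pc"),
    ("cam-store-04", "MS-C2972-RFPE"),
    ("lpr-gate-01", "TS4466-X4RIPG1"),
    ("cam-office-03", "OTHER-VENDOR-1000"),
]

if __name__ == "__main__":
    for host, (series, pat) in triage(INVENTORY).items():
        print(f"{host}: matches {pat} ({series}); check firmware against the advisory")
```
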

#### 3. Attack Vector
Attackers can exploit these vulnerabilities remotely without authentication, particularly in environments where cameras are exposed to the internet or unsecured networks. Key attack scenarios include:
- Hardcoded Credentials (CVE-2026-27785): Attackers use default or hardcoded passwords to gain administrative access.
- Command Injection (CVE-2026-32649): Malicious commands are injected via the web interface, enabling RCE.
- Heap-based Buffer Overflow (CVE-2026-20766): Crafted input triggers memory corruption, leading to crashes or code execution.
- Hard-coded Cryptographic Keys (CVE-2026-32644): Attackers decrypt sensitive data or intercept communications.


### Impact Assessment
The implications of these vulnerabilities are severe, particularly for organizations relying on Milesight cameras for critical infrastructure, commercial facilities, or public safety:

  1. Unauthorized Access: Attackers can view, alter, or delete surveillance footage, compromising security and privacy.
  2. Remote Code Execution: Exploitation could allow attackers to take full control of cameras, turning them into entry points for broader network attacks.
  3. Disruption of Operations: Crashes or malfunctions could disable surveillance systems, creating blind spots for physical security.
  4. Data Breaches: Hardcoded credentials and cryptographic keys may expose sensitive data, including video feeds and network configurations.
  5. Regulatory and Compliance Risks: Organizations in regulated sectors (e.g., finance, healthcare, government) may face penalties for failing to secure vulnerable systems.

### Mitigation Steps
Milesight has released firmware updates to address all five vulnerabilities. Organizations must take the following steps immediately:

1. Update Firmware:
   - Download the latest firmware for affected models from the Milesight support page.
   - Apply updates without delay to all vulnerable devices.

2. Isolate Cameras from the Internet:
   - Ensure cameras are not exposed to the internet. Use firewalls to restrict access to trusted networks only.
   - Implement network segmentation to isolate cameras from critical business systems.

3. Change Default Credentials:
   - Replace default passwords with strong, unique credentials for all camera accounts.
   - Enforce multi-factor authentication (MFA) where possible.

4. Monitor for Suspicious Activity:
   - Deploy intrusion detection systems (IDS) to monitor camera networks for signs of exploitation.
   - Review logs regularly for unauthorized access attempts or unusual commands.

5. Report Vulnerabilities:
   - Milesight encourages users to report potential security issues to [email protected].
   - Refer to the Milesight Vulnerability Reporting Policy for guidelines.


## Conclusion
The discovery of these five critical vulnerabilities in Milesight cameras underscores the growing risks associated with IoT and surveillance devices. Organizations must act swiftly to patch affected systems, isolate cameras from unsecured networks, and implement robust security practices. Failure to address these flaws could result in remote attacks, data breaches, and compromised physical security.

As IoT devices become increasingly integral to business operations, vendors and users alike must prioritize proactive security measures, including regular firmware updates and network monitoring. The Milesight vulnerabilities serve as a stark reminder of the potential consequences of overlooked security gaps in connected systems.


## References
^[1]: CISA. "ICSA-26-113-03: Milesight Cameras Vulnerabilities". Retrieved 2024-10-02.
^[2]: Milesight. "Firmware Downloads and Security Updates". Retrieved 2024-10-02.
^[3]: MITRE. "CWE-798: Use of Hard-coded Credentials". Retrieved 2024-10-02.
^[4]: MITRE. "CWE-321: Use of Hard-coded Cryptographic Key". Retrieved 2024-10-02.
