CVE-2026-20766 - Vulnerability Details - OpenCVE

An out-of-bounds memory access vulnerability exists in specific firmware versions of Milesight AIOT cameras.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction Active

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

No data.

No data.

No data.

No data.

References

Link	Providers
https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-113-03.json
https://www.cisa.gov/news-events/ics-advisories/icsa-26-113-03
https://www.milesight.com/support/download/firmware

History

Tue, 28 Apr 2026 01:15:00 +0000

Type	Values Removed	Values Added
Description		An out-of-bounds memory access vulnerability exists in specific firmware versions of Milesight AIOT cameras.
Title		Milesight Cameras Heap-based Buffer Overflow
Weaknesses		CWE-122
References		https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-113-03.json https://www.cisa.gov/news-events/ics-advisories/icsa-26-113-03 https://www.milesight.com/support/download/firmware
Metrics		cvssV3_1 `{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}` cvssV4_0 `{'score': 8.6, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}`

MITRE

Status: PUBLISHED

Assigner: icscert

Published: 2026-04-27T23:45:52.896Z

Updated: 2026-04-27T23:45:52.896Z

Reserved: 2026-03-12T17:51:09.860Z

Link: CVE-2026-20766

Vulnrichment

No data.

NVD

Status : Received

Published: 2026-04-28T01:16:00.233

Modified: 2026-04-28T01:16:00.233

Link: CVE-2026-20766

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-20766", "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "state": "PUBLISHED", "assignerShortName": "icscert", "dateReserved": "2026-03-12T17:51:09.860Z", "datePublished": "2026-04-27T23:45:52.896Z", "dateUpdated": "2026-04-27T23:45:52.896Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert", "dateUpdated": "2026-04-27T23:45:52.896Z"}, "title": "Milesight Cameras Heap-based Buffer Overflow", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-122", "description": "CWE-122", "type": "CWE"}]}], "affected": [{"vendor": "Milesight", "product": "MS-Cxx63-PD", "versions": [{"status": "affected", "version": "0", "lessThanOrEqual": "51.7.0.77-r12", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Milesight", "product": "MS-Cxx64-xPD", "versions": [{"status": "affected", "version": "0", "lessThanOrEqual": "51.7.0.77-r12", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Milesight", "product": "MS-Cxx73-xPD", "versions": [{"status": "affected", "version": "0", "lessThanOrEqual": "51.7.0.77-r12", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Milesight", "product": "MS-Cxx75-xxPD", "versions": [{"status": "affected", "version": "0", "lessThanOrEqual": "51.7.0.77-r12", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Milesight", "product": "MS-Cxx83-xPD", "versions": [{"status": "affected", "version": "0", "lessThanOrEqual": "51.7.0.77-r12", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Milesight", "product": "MS-Cxx74-PA", "versions": [{"status": "affected", "version": "0", "lessThanOrEqual": "3x.8.0.3-r11", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Milesight", "product": "MS-C8477-HPG1", "versions": [{"status": "affected", "version": "0", "lessThanOrEqual": "63.8.0.4-r3", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Milesight", "product": "MS-C8477-PC", "versions": [{"status": "affected", "version": "0", "lessThanOrEqual": "48.8.0.4-r3", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Milesight", "product": "MS-C5321-FPE", "versions": [{"status": "affected", "version": "0", "lessThanOrEqual": "62.8.0.4-r5", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Milesight", "product": "MS-Cxx72-xxxPE", "versions": [{"status": "affected", "version": "0", "lessThanOrEqual": "61.8.0.5-r2", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Milesight", "product": "MS-Cxx62-xxxPE", "versions": [{"status": "affected", "version": "0", "lessThanOrEqual": "61.8.0.5-r2", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Milesight", "product": "MS-Cxx52-xxxPE", "versions": [{"status": "affected", "version": "0", "lessThanOrEqual": "61.8.0.5-r2", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Milesight", "product": "MS-Cxx66-xxxPE", "versions": [{"status": "affected", "version": "0", "lessThanOrEqual": "61.8.0.5-r2", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Milesight", "product": "MS-Cxx66-xxxGPE", "versions": [{"status": "affected", "version": "0", "lessThanOrEqual": "61.8.0.5-r2", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Milesight", "product": "MS-Cxx61-xxxPE", "versions": [{"status": "affected", "version": "0", "lessThanOrEqual": "61.8.0.5-r2", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Milesight", "product": "MS-Cxx67-xxxPE", "versions": [{"status": "affected", "version": "0", "lessThanOrEqual": "61.8.0.5-r2", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Milesight", "product": "MS-Cxx71-xxxPE", "versions": [{"status": "affected", "version": "0", "lessThanOrEqual": "61.8.0.5-r2", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Milesight", "product": "MS-Cxx41-xxxPE", "versions": [{"status": "affected", "version": "0", "lessThanOrEqual": "61.8.0.5-r2", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Milesight", "product": "MS-Cxx76-PE", "versions": [{"status": "affected", "version": "0", "lessThanOrEqual": "61.8.0.5-r2", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Milesight", "product": "MS-Cxx65-PE", "versions": [{"status": "affected", "version": "0", "lessThanOrEqual": "61.8.0.5-r2", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Milesight", "product": "MS-Cxx66-xxxG1", "versions": [{"status": "affected", "version": "0", "lessThanOrEqual": "63.8.0.5-r3", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Milesight", "product": "MS-Cxx62-xxxG1", "versions": [{"status": "affected", "version": "0", "lessThanOrEqual": "63.8.0.5-r3", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Milesight", "product": "MS-Cxx72-xxxG1", "versions": [{"status": "affected", "version": "0", "lessThanOrEqual": "63.8.0.5-r3", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Milesight", "product": "MS-CQxx31-xxxG1", "versions": [{"status": "affected", "version": "0", "lessThanOrEqual": "CQ_63.8.0.5-r1", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Milesight", "product": "MS-CQxx68-xxxG1", "versions": [{"status": "affected", "version": "0", "lessThanOrEqual": "CQ_63.8.0.5-r1", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Milesight", "product": "MS-CQxx72-xxxG1", "versions": [{"status": "affected", "version": "0", "lessThanOrEqual": "CQ_63.8.0.5-r1", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Milesight", "product": "MS-Nxxxx-NxE", "versions": [{"status": "affected", "version": "0", "lessThanOrEqual": "7x.9.0.19-r5", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Milesight", "product": "MS-Nxxxx-xxC", "versions": [{"status": "affected", "version": "0", "lessThanOrEqual": "7x.9.0.19-r5", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Milesight", "product": "MS-Nxxxx-xxE", "versions": [{"status": "affected", "version": "0", "lessThanOrEqual": "7x.9.0.19-r5", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Milesight", "product": "MS-Nxxxx-xxG", "versions": [{"status": "affected", "version": "0", "lessThanOrEqual": "7x.9.0.19-r5", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Milesight", "product": "MS-Nxxxx-xxH", "versions": [{"status": "affected", "version": "0", "lessThanOrEqual": "7x.9.0.19-r5", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Milesight", "product": "MS-Nxxxx-xxT", "versions": [{"status": "affected", "version": "0", "lessThanOrEqual": "7x.9.0.19-r5", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Milesight", "product": "PMC8266-FPE", "versions": [{"status": "affected", "version": "0", "lessThanOrEqual": "PO_61.8.0.4_LPR", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Milesight", "product": "PMC8266-FGPE", "versions": [{"status": "affected", "version": "0", "lessThanOrEqual": "PO_61.8.0.4_LPR", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Milesight", "product": "PM3322-E", "versions": [{"status": "affected", "version": "0", "lessThanOrEqual": "PI_61.8.0.3_LPR-r3", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Milesight", "product": "TS4466-X4RIPG1", "versions": [{"status": "affected", "version": "0", "lessThanOrEqual": "T_63.8.0.4_LPR-r3", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Milesight", "product": "TS5366-X12RIPG1", "versions": [{"status": "affected", "version": "0", "lessThanOrEqual": "T_63.8.0.4_LPR-r3", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Milesight", "product": "TS8266-X4RIPG1", "versions": [{"status": "affected", "version": "0", "lessThanOrEqual": "T_63.8.0.4_LPR-r3", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Milesight", "product": "TS4466-X4RIVPG1", "versions": [{"status": "affected", "version": "0", "lessThanOrEqual": "T_63.8.0.4_LPR-r3", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Milesight", "product": "TS4466-RFIVPG1", "versions": [{"status": "affected", "version": "0", "lessThanOrEqual": "T_63.8.0.4_LPR-r3", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Milesight", "product": "TS8266-X4RIVPG1", "versions": [{"status": "affected", "version": "0", "lessThanOrEqual": "T_63.8.0.4_LPR-r3", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Milesight", "product": "TS8266-RFIVPG1", "versions": [{"status": "affected", "version": "0", "lessThanOrEqual": "T_63.8.0.4_LPR-r3", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Milesight", "product": "TS4466-X4RIWG1", "versions": [{"status": "affected", "version": "0", "lessThanOrEqual": "T_63.8.0.4_LPR-r3", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Milesight", "product": "TS8266-X4RIWG1", "versions": [{"status": "affected", "version": "0", "lessThanOrEqual": "T_63.8.0.4_LPR-r3", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Milesight", "product": "TS5510-GVH", "versions": [{"status": "affected", "version": "0", "lessThanOrEqual": "T_47.8.0.4_LPR-r7", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Milesight", "product": "TS5510-GH", "versions": [{"status": "affected", "version": "0", "lessThanOrEqual": "T_47.8.0.4_LPR-r6", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Milesight", "product": "TS5511-GVH", "versions": [{"status": "affected", "version": "0", "lessThanOrEqual": "T_47.8.0.4_LPR-r6", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Milesight", "product": "TS2966-X12TPE", "versions": [{"status": "affected", "version": "0", "lessThanOrEqual": "T_61.8.0.4_LPR-r3", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Milesight", "product": "TS4466-X4RPE", "versions": [{"status": "affected", "version": "0", "lessThanOrEqual": "T_61.8.0.4_LPR-r3", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Milesight", "product": "TS5366-X12PE", "versions": [{"status": "affected", "version": "0", "lessThanOrEqual": "T_61.8.0.4_LPR-r3", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Milesight", "product": "TS8266-X4PE", "versions": [{"status": "affected", "version": "0", "lessThanOrEqual": "T_61.8.0.4_LPR-r3", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Milesight", "product": "TS2966-X12TVPE", "versions": [{"status": "affected", "version": "0", "lessThanOrEqual": "T_61.8.0.4_LPR-r3", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Milesight", "product": "TS4466-X4RVPE", "versions": [{"status": "affected", "version": "0", "lessThanOrEqual": "T_61.8.0.4_LPR-r3", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Milesight", "product": "TS5366-X12VPE", "versions": [{"status": "affected", "version": "0", "lessThanOrEqual": "T_61.8.0.4_LPR-r3", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Milesight", "product": "TS8266-X4VPE", "versions": [{"status": "affected", "version": "0", "lessThanOrEqual": "T_61.8.0.4_LPR-r3", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Milesight", "product": "TS4441-X36RPE", "versions": [{"status": "affected", "version": "0", "lessThanOrEqual": "T_61.8.0.4_LPR-r3", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Milesight", "product": "TS4441-X36RE", "versions": [{"status": "affected", "version": "0", "lessThanOrEqual": "T_61.8.0.4_LPR-r3", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Milesight", "product": "TS4466-X4RWE", "versions": [{"status": "affected", "version": "0", "lessThanOrEqual": "T_61.8.0.4_LPR-r3", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Milesight", "product": "TS8266-X4WE", "versions": [{"status": "affected", "version": "0", "lessThanOrEqual": "T_61.8.0.4_LPR-r3", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Milesight", "product": "MS-C2964-RFLPC", "versions": [{"status": "affected", "version": "0", "lessThanOrEqual": "T_45.8.0.3-r9", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Milesight", "product": "MS-C2972-RFLPC", "versions": [{"status": "affected", "version": "0", "lessThanOrEqual": "T_45.8.0.3-r9", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Milesight", "product": "MS-C2966-RFLWPC", "versions": [{"status": "affected", "version": "0", "lessThanOrEqual": "T_45.8.0.3-r9", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Milesight", "product": "TS2866-X4TPC", "versions": [{"status": "affected", "version": "0", "lessThanOrEqual": "T_45.8.0.3-r9", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Milesight", "product": "TS2866-X4TVPC", "versions": [{"status": "affected", "version": "0", "lessThanOrEqual": "T_45.8.0.3-r9", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Milesight", "product": "TS2866-X4TGPC", "versions": [{"status": "affected", "version": "0", "lessThanOrEqual": "T_45.8.0.3-r9", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Milesight", "product": "TS2841-X36TPC", "versions": [{"status": "affected", "version": "0", "lessThanOrEqual": "T_45.8.0.3-r9", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Milesight", "product": "TS2841-X36TPC/W", "versions": [{"status": "affected", "version": "0", "lessThanOrEqual": "T_45.8.0.3-r9", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Milesight", "product": "TS2867-X5TPC", "versions": [{"status": "affected", "version": "0", "lessThanOrEqual": "T_45.8.0.3-r9", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Milesight", "product": "TS2961-X12TPC", "versions": [{"status": "affected", "version": "0", "lessThanOrEqual": "T_45.8.0.3-r9", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Milesight", "product": "TS8266-FPC/P", "versions": [{"status": "affected", "version": "0", "lessThanOrEqual": "T_45.8.0.3-r9", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Milesight", "product": "MS-C2966-X12RLPC", "versions": [{"status": "affected", "version": "0", "lessThanOrEqual": "T_45.8.0.3-r9", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Milesight", "product": "MS-C2966-X12RLVPC", "versions": [{"status": "affected", "version": "0", "lessThanOrEqual": "T_45.8.0.3-r9", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Milesight", "product": "MS-C5366-X12LPC", "versions": [{"status": "affected", "version": "0", "lessThanOrEqual": "T_45.8.0.3-r9", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Milesight", "product": "MS-C5366-X12LVPC", "versions": [{"status": "affected", "version": "0", "lessThanOrEqual": "T_45.8.0.3-r9", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Milesight", "product": "MS-C5361-X12LPC", "versions": [{"status": "affected", "version": "0", "lessThanOrEqual": "T_45.8.0.3-r9", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Milesight", "product": "MS-Cxx66-xxxxGOPC", "versions": [{"status": "affected", "version": "0", "lessThanOrEqual": "45.8.0.2-AIoT-r4", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Milesight", "product": "SC211", "versions": [{"status": "affected", "version": "0", "lessThanOrEqual": "C_21.1.0.8-r4", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Milesight", "product": "SP111", "versions": [{"status": "affected", "version": "0", "lessThanOrEqual": "52.8.0.4-r5", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Milesight", "product": "MS-Cxx66-RFIPKG1", "versions": [{"status": "affected", "version": "0", "lessThanOrEqual": "63.8.0.4-r1-NX", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Milesight", "product": "MS-Cxx72-RFIPKG1", "versions": [{"status": "affected", "version": "0", "lessThanOrEqual": "63.8.0.4-r1-NX", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Milesight", "product": "MS-Cxx66-FIPKG1", "versions": [{"status": "affected", "version": "0", "lessThanOrEqual": "63.8.0.4-r1-NX", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Milesight", "product": "MS-Cxx72-FIPKG1", "versions": [{"status": "affected", "version": "0", "lessThanOrEqual": "63.8.0.4-r1-NX", "versionType": "custom"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "An out-of-bounds memory access vulnerability exists in specific firmware versions of Milesight AIOT cameras.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<span>An out-of-bounds memory access vulnerability exists in specific firmware versions of Milesight AIOT cameras.</span>"}]}], "references": [{"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-113-03"}, {"url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-113-03.json"}, {"url": "https://www.milesight.com/support/download/firmware"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV4_0": {"attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "ACTIVE", "vulnConfidentialityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subIntegrityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "version": "4.0", "baseSeverity": "HIGH", "baseScore": 8.6, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"}}, {"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseSeverity": "HIGH", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}}], "solutions": [{"lang": "en", "value": "Milesight advises all users to update their device to the latest firmware versions of PE/PC/PA found at https://www.milesight.com/support/download/firmware.\u00a0\n https://www.milesight.com/support/download/firmware \n\nMS-Cxx63-PD: Update to 51.7.0.77-r13\n\nMS-Cxx64-xPD: Update to 51.7.0.77-r13\n\nMS-Cxx73-xPD: Update to 51.7.0.77-r13\n\nMS-Cxx75-xxPD: Update to 51.7.0.77-r13\n\nMS-Cxx83-xPD: Update to 51.7.0.77-r13\n\nMS-Cxx74-PA: Update to 3x.8.0.3-r13\n\nMS-C8477-HPG1: Update to 63.8.0.4-r4\n\n\u00a0MS-C8477-PC: Update to 48.8.0.4-r4\n\nMS-C5321-FPE: Update to 62.8.0.4-r6\n\nMS-Cxx72-xxxPE: Update to 61.8.0.5-r2\n\nMS-Cxx62-xxxPE: Update to 61.8.0.5-r2\n\nMS-Cxx52-xxxPE: Update to 61.8.0.5-r2\n\nMS-Cxx66-xxxPE: Update to 61.8.0.5-r2\n\nMS-Cxx66-xxxGPE: Update to 61.8.0.5-r2\n\nMS-Cxx61-xxxPE: Update to 61.8.0.5-r2\n\nMS-Cxx67-xxxPE: Update to 61.8.0.5-r2\n\nMS-Cxx71-xxxPE: Update to 61.8.0.5-r2\n\nMS-Cxx41-xxxPE: Update to 61.8.0.5-r2\n\nMS-Cxx76-PE: Update to 61.8.0.5-r2\n\nMS-Cxx65-PE: Update to 61.8.0.5-r2\n\nMS-Cxx66-xxxG1: Update to 63.8.0.5-r4\n\nMS-Cxx62-xxxG1: Update to 63.8.0.5-r4\n\nMS-Cxx72-xxxG1: Update to 63.8.0.5-r4\n\nMS-CQxx31-xxxG1: Update to CQ_63.8.0.5-r2\u00a0\n\nMS-CQxx68-xxxG1: Update to CQ_63.8.0.5-r2\n\nMS-CQxx72-xxxG1: Update to CQ_63.8.0.5-r2\n\nMS-Nxxxx-NxE: Update to 7x.9.0.19-r6\n\nMS-Nxxxx-xxC: Update to 7x.9.0.19-r6\n\nMS-Nxxxx-xxE: Update to 7x.9.0.19-r6\n\nMS-Nxxxx-xxG: Update to 7x.9.0.19-r6\n\nMS-Nxxxx-xxH: Update to 7x.9.0.19-r6\n\nMS-Nxxxx-xxT: Update to 7x.9.0.19-r6\n\nPMC8266-FPE: Update to PO_61.8.0.4-r1\n\nPMC8266-FGPE: Update to PO_61.8.0.4-r1\n\nPM3322-E: Update to PI_61.8.0.3-r5\n\nTS4466-X4RIPG1: Update to T_63.8.0.4-r4\u00a0\n\nTS5366-X12RIPG1: Update to T_63.8.0.4-r4\n\nTS8266-X4RIPG1: Update to T_63.8.0.4-r4\n\nTS4466-X4RIVPG1: Update to T_63.8.0.4-r4\n\nTS4466-RFIVPG1: Update to T_63.8.0.4-r4\n\nTS8266-X4RIVPG1: Update to T_63.8.0.4-r4\n\nTS8266-RFIVPG1: Update to T_63.8.0.4-r4\n\nTS4466-X4RIWG1: Update to T_63.8.0.4-r4\n\nTS8266-X4RIWG1: Update to T_63.8.0.4-r4\n\nTS5510-GVH: Update to T_47.8.0.4-r8\n\nTS5510-GH: Update to T_47.8.0.4-r8\n\nTS5511-GVH: Update to T_47.8.0.4-r8\n\nTS2966-X12TPE: Update to T_61.8.0.4-r4\n\nTS4466-X4RPE: Update to T_61.8.0.4-r4\n\nTS5366-X12PE: Update to T_61.8.0.4-r4\n\nTS8266-X4PE: Update to T_61.8.0.4-r4\n\nTS2966-X12TVPE: Update to T_61.8.0.4-r4\n\nTS4466-X4RVPE: Update to T_61.8.0.4-r4\n\nTS5366-X12VPE: Update to T_61.8.0.4-r4\n\nTS8266-X4VPE: Update to T_61.8.0.4-r4\n\nTS4441-X36RPE: Update to T_61.8.0.4-r4\n\nTS4441-X36RE: Update to T_61.8.0.4-r4\n\nTS4466-X4RWE: Update to T_61.8.0.4-r4\n\nTS8266-X4WE: Update to T_61.8.0.4-r4\n\nMS-C2964-RFLPC: Update to T_45.8.0.3-r10\n\nMS-C2972-RFLPC: Update to T_45.8.0.3-r10\n\nMS-C2966-RFLWPC: Update to T_45.8.0.3-r10\n\nTS2866-X4TPC: Update to T_45.8.0.3-r10\n\nTS2866-X4TVPC: Update to T_45.8.0.3-r10\n\nTS2866-X4TGPC: Update to T_45.8.0.3-r10\n\nTS2841-X36TPC: Update to T_45.8.0.3-r10\n\nTS2841-X36TPC/W: Update to T_45.8.0.3-r10\n\nTS2867-X5TPC: Update to T_45.8.0.3-r10\n\nTS2961-X12TPC: Update to T_45.8.0.3-r10\n\nTS8266-FPC/P: Update to T_45.8.0.3-r10\n\nMS-C2966-X12RLPC: Update to T_45.8.0.3-r10\n\nMS-C2966-X12RLVPC: Update to T_45.8.0.3-r10\n\nMS-C5366-X12LPC: Update to T_45.8.0.3-r10\n\nMS-C5366-X12LVPC: Update to T_45.8.0.3-r10\n\nMS-C5361-X12LPC: Update to T_45.8.0.3-r10\n\nMS-Cxx66-xxxxGOPC: Update to 45.8.0.2-AIoT-r5\n\nSC211: Update to C_21.1.0.8-r5\n\nSP111: Update to 52.8.0.4-r6\n\nMS-Cxx66-RFIPKG1: Update to 63.8.0.5-r2-NX\n\nMS-Cxx72-RFIPKG1: Update to 63.8.0.5-r2-NX\n\nMS-Cxx66-FIPKG1: Update to 63.8.0.5-r2-NX\n\nMS-Cxx72-FIPKG1: Update to 63.8.0.5-r2-NX", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<p>Milesight advises all users to update their device to the latest firmware versions of PE/PC/PA found at https://www.milesight.com/support/download/firmware. <br><a href=\"https://www.milesight.com/support/download/firmware\" title=\"(opens in a new window)\">https://www.milesight.com/support/download/firmware</a></p><p>MS-Cxx63-PD: Update to 51.7.0.77-r13</p><p>MS-Cxx64-xPD: Update to 51.7.0.77-r13</p><p>MS-Cxx73-xPD: Update to 51.7.0.77-r13</p><p>MS-Cxx75-xxPD: Update to 51.7.0.77-r13</p><p>MS-Cxx83-xPD: Update to 51.7.0.77-r13</p><p>MS-Cxx74-PA: Update to 3x.8.0.3-r13</p><p>MS-C8477-HPG1: Update to 63.8.0.4-r4</p><p> MS-C8477-PC: Update to 48.8.0.4-r4</p><p>MS-C5321-FPE: Update to 62.8.0.4-r6</p><p>MS-Cxx72-xxxPE: Update to 61.8.0.5-r2</p><p>MS-Cxx62-xxxPE: Update to 61.8.0.5-r2</p><p>MS-Cxx52-xxxPE: Update to 61.8.0.5-r2</p><p>MS-Cxx66-xxxPE: Update to 61.8.0.5-r2</p><p>MS-Cxx66-xxxGPE: Update to 61.8.0.5-r2</p><p>MS-Cxx61-xxxPE: Update to 61.8.0.5-r2</p><p>MS-Cxx67-xxxPE: Update to 61.8.0.5-r2</p><p>MS-Cxx71-xxxPE: Update to 61.8.0.5-r2</p><p>MS-Cxx41-xxxPE: Update to 61.8.0.5-r2</p><p>MS-Cxx76-PE: Update to 61.8.0.5-r2</p><p>MS-Cxx65-PE: Update to 61.8.0.5-r2</p><p>MS-Cxx66-xxxG1: Update to 63.8.0.5-r4</p><p>MS-Cxx62-xxxG1: Update to 63.8.0.5-r4</p><p>MS-Cxx72-xxxG1: Update to 63.8.0.5-r4</p><p>MS-CQxx31-xxxG1: Update to CQ_63.8.0.5-r2 </p><p>MS-CQxx68-xxxG1: Update to CQ_63.8.0.5-r2</p><p>MS-CQxx72-xxxG1: Update to CQ_63.8.0.5-r2</p><p>MS-Nxxxx-NxE: Update to 7x.9.0.19-r6</p><p>MS-Nxxxx-xxC: Update to 7x.9.0.19-r6</p><p>MS-Nxxxx-xxE: Update to 7x.9.0.19-r6</p><p>MS-Nxxxx-xxG: Update to 7x.9.0.19-r6</p><p>MS-Nxxxx-xxH: Update to 7x.9.0.19-r6</p><p>MS-Nxxxx-xxT: Update to 7x.9.0.19-r6</p><p>PMC8266-FPE: Update to PO_61.8.0.4-r1</p><p>PMC8266-FGPE: Update to PO_61.8.0.4-r1</p><p>PM3322-E: Update to PI_61.8.0.3-r5</p><p>TS4466-X4RIPG1: Update to T_63.8.0.4-r4 </p><p>TS5366-X12RIPG1: Update to T_63.8.0.4-r4</p><p>TS8266-X4RIPG1: Update to T_63.8.0.4-r4</p><p>TS4466-X4RIVPG1: Update to T_63.8.0.4-r4</p><p>TS4466-RFIVPG1: Update to T_63.8.0.4-r4</p><p>TS8266-X4RIVPG1: Update to T_63.8.0.4-r4</p><p>TS8266-RFIVPG1: Update to T_63.8.0.4-r4</p><p>TS4466-X4RIWG1: Update to T_63.8.0.4-r4</p><p>TS8266-X4RIWG1: Update to T_63.8.0.4-r4</p><p>TS5510-GVH: Update to T_47.8.0.4-r8</p><p>TS5510-GH: Update to T_47.8.0.4-r8</p><p>TS5511-GVH: Update to T_47.8.0.4-r8</p><p>TS2966-X12TPE: Update to T_61.8.0.4-r4</p><p>TS4466-X4RPE: Update to T_61.8.0.4-r4</p><p>TS5366-X12PE: Update to T_61.8.0.4-r4</p><p>TS8266-X4PE: Update to T_61.8.0.4-r4</p><p>TS2966-X12TVPE: Update to T_61.8.0.4-r4</p><p>TS4466-X4RVPE: Update to T_61.8.0.4-r4</p><p>TS5366-X12VPE: Update to T_61.8.0.4-r4</p><p>TS8266-X4VPE: Update to T_61.8.0.4-r4</p><p>TS4441-X36RPE: Update to T_61.8.0.4-r4</p><p>TS4441-X36RE: Update to T_61.8.0.4-r4</p><p>TS4466-X4RWE: Update to T_61.8.0.4-r4</p><p>TS8266-X4WE: Update to T_61.8.0.4-r4</p><p>MS-C2964-RFLPC: Update to T_45.8.0.3-r10</p><p>MS-C2972-RFLPC: Update to T_45.8.0.3-r10</p><p>MS-C2966-RFLWPC: Update to T_45.8.0.3-r10</p><p>TS2866-X4TPC: Update to T_45.8.0.3-r10</p><p>TS2866-X4TVPC: Update to T_45.8.0.3-r10</p><p>TS2866-X4TGPC: Update to T_45.8.0.3-r10</p><p>TS2841-X36TPC: Update to T_45.8.0.3-r10</p><p>TS2841-X36TPC/W: Update to T_45.8.0.3-r10</p><p>TS2867-X5TPC: Update to T_45.8.0.3-r10</p><p>TS2961-X12TPC: Update to T_45.8.0.3-r10</p><p>TS8266-FPC/P: Update to T_45.8.0.3-r10</p><p>MS-C2966-X12RLPC: Update to T_45.8.0.3-r10</p><p>MS-C2966-X12RLVPC: Update to T_45.8.0.3-r10</p><p>MS-C5366-X12LPC: Update to T_45.8.0.3-r10</p><p>MS-C5366-X12LVPC: Update to T_45.8.0.3-r10</p><p>MS-C5361-X12LPC: Update to T_45.8.0.3-r10</p><p>MS-Cxx66-xxxxGOPC: Update to 45.8.0.2-AIoT-r5</p><p>SC211: Update to C_21.1.0.8-r5</p><p>SP111: Update to 52.8.0.4-r6</p><p>MS-Cxx66-RFIPKG1: Update to 63.8.0.5-r2-NX</p><p>MS-Cxx72-RFIPKG1: Update to 63.8.0.5-r2-NX</p><p>MS-Cxx66-FIPKG1: Update to 63.8.0.5-r2-NX</p><p>MS-Cxx72-FIPKG1: Update to 63.8.0.5-r2-NX</p>"}]}, {"lang": "en", "value": "Milesight asks all users to report potential security vulnerabilities to security@milesight.com.\n mailto:security@milesight.com \nLearn more: Milesight Vulnerability Reporting Policy\n https://www.milesight.com/legal/vulnerability-report", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<p>Milesight asks all users to report potential security vulnerabilities to security@milesight.com.<br><a href=\"mailto:security@milesight.com\">mailto:security@milesight.com</a><br>Learn more: Milesight Vulnerability Reporting Policy<br><a href=\"https://www.milesight.com/legal/vulnerability-report\" title=\"(opens in a new window)\">https://www.milesight.com/legal/vulnerability-report</a></p>"}]}], "credits": [{"lang": "en", "value": "Souvik Kandar reported these vulnerabilities to CISA", "type": "finder"}], "source": {"advisory": "ICSA-26-113-03", "discovery": "EXTERNAL"}, "x_generator": {"engine": "Vulnogram 1.0.1"}}}}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "An out-of-bounds memory access vulnerability exists in specific firmware versions of Milesight AIOT cameras."}], "id": "CVE-2026-20766", "lastModified": "2026-04-28T01:16:00.233", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "ACTIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}]}, "published": "2026-04-28T01:16:00.233", "references": [{"source": "ics-cert@hq.dhs.gov", "url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-113-03.json"}, {"source": "ics-cert@hq.dhs.gov", "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-113-03"}, {"source": "ics-cert@hq.dhs.gov", "url": "https://www.milesight.com/support/download/firmware"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-122"}], "source": "ics-cert@hq.dhs.gov", "type": "Primary"}]}