CVE-2026-28747 - Vulnerability Details - OpenCVE

A weak key generation vulnerability exists in specific firmware versions of Milesight AIOT cameras allows authorization to be bypassed.

Attack Vector Adjacent Network

Attack Complexity High

Privileges Required None

Attack Requirements Present

User Interaction Active

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Adjacent Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

No data.

No data.

No data.

No data.

References

Link	Providers
https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-113-03.json
https://www.cisa.gov/news-events/ics-advisories/icsa-26-113-03
https://www.milesight.com/support/download/firmware

History

Mon, 27 Apr 2026 23:00:00 +0000

Type	Values Removed	Values Added
Description		A weak key generation vulnerability exists in specific firmware versions of Milesight AIOT cameras allows authorization to be bypassed.
Title		Milesight Cameras Authorization Bypass Through User-Controlled Key
Weaknesses		CWE-639
References		https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-113-03.json https://www.cisa.gov/news-events/ics-advisories/icsa-26-113-03 https://www.milesight.com/support/download/firmware
Metrics		cvssV3_1 `{'score': 7.1, 'vector': 'CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H'}` cvssV4_0 `{'score': 7.3, 'vector': 'CVSS:4.0/AV:A/AC:H/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}`

MITRE

Status: PUBLISHED

Assigner: icscert

Published: 2026-04-27T22:44:52.012Z

Updated: 2026-04-27T23:31:53.318Z

Reserved: 2026-03-12T17:51:09.913Z

Link: CVE-2026-28747

Vulnrichment

No data.

NVD

Status : Received

Published: 2026-04-27T23:16:02.820

Modified: 2026-04-27T23:16:02.820

Link: CVE-2026-28747

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-28747", "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "state": "PUBLISHED", "assignerShortName": "icscert", "dateReserved": "2026-03-12T17:51:09.913Z", "datePublished": "2026-04-27T22:44:52.012Z", "dateUpdated": "2026-04-27T23:31:53.318Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert", "dateUpdated": "2026-04-27T23:31:53.318Z"}, "title": "Milesight Cameras Authorization Bypass Through User-Controlled Key", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-639", "description": "CWE-639", "type": "CWE"}]}], "affected": [{"vendor": "Milesight", "product": "MS-Cxx63-PD", "versions": [{"status": "affected", "version": "0", "lessThanOrEqual": "51.7.0.77-r12", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Milesight", "product": "MS-Cxx64-xPD", "versions": [{"status": "affected", "version": "0", "lessThanOrEqual": "51.7.0.77-r12", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Milesight", "product": "MS-Cxx73-xPD", "versions": [{"status": "affected", "version": "0", "lessThanOrEqual": "51.7.0.77-r12", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Milesight", "product": "MS-Cxx75-xxPD", "versions": [{"status": "affected", "version": "0", "lessThanOrEqual": "51.7.0.77-r12", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Milesight", "product": "MS-Cxx83-xPD", "versions": [{"status": "affected", "version": "0", "lessThanOrEqual": "51.7.0.77-r12", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Milesight", "product": "MS-Cxx74-PA", "versions": [{"status": "affected", "version": "0", "lessThanOrEqual": "3x.8.0.3-r11", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Milesight", "product": "MS-C8477-HPG1", "versions": [{"status": "affected", "version": "0", "lessThanOrEqual": "63.8.0.4-r3", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Milesight", "product": "MS-C8477-PC", "versions": [{"status": "affected", "version": "0", "lessThanOrEqual": "48.8.0.4-r3", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Milesight", "product": "MS-C5321-FPE", "versions": [{"status": "affected", "version": "0", "lessThanOrEqual": "62.8.0.4-r5", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Milesight", "product": "MS-Cxx72-xxxPE", "versions": [{"status": "affected", "version": "0", "lessThanOrEqual": "61.8.0.5-r2", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Milesight", "product": "MS-Cxx62-xxxPE", "versions": [{"status": "affected", "version": "0", "lessThanOrEqual": "61.8.0.5-r2", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Milesight", "product": "MS-Cxx52-xxxPE", "versions": [{"status": "affected", "version": "0", "lessThanOrEqual": "61.8.0.5-r2", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Milesight", "product": "MS-Cxx66-xxxPE", "versions": [{"status": "affected", "version": "0", "lessThanOrEqual": "61.8.0.5-r2", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Milesight", "product": "MS-Cxx66-xxxGPE", "versions": [{"status": "affected", "version": "0", "lessThanOrEqual": "61.8.0.5-r2", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Milesight", "product": "MS-Cxx61-xxxPE", "versions": [{"status": "affected", "version": "0", "lessThanOrEqual": "61.8.0.5-r2", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Milesight", "product": "MS-Cxx67-xxxPE", "versions": [{"status": "affected", "version": "0", "lessThanOrEqual": "61.8.0.5-r2", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Milesight", "product": "MS-Cxx71-xxxPE", "versions": [{"status": "affected", "version": "0", "lessThanOrEqual": "61.8.0.5-r2", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Milesight", "product": "MS-Cxx41-xxxPE", "versions": [{"status": "affected", "version": "0", "lessThanOrEqual": "61.8.0.5-r2", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Milesight", "product": "MS-Cxx76-PE", "versions": [{"status": "affected", "version": "0", "lessThanOrEqual": "61.8.0.5-r2", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Milesight", "product": "MS-Cxx65-PE", "versions": [{"status": "affected", "version": "0", "lessThanOrEqual": "61.8.0.5-r2", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Milesight", "product": "MS-Cxx66-xxxG1", "versions": [{"status": "affected", "version": "0", "lessThanOrEqual": "63.8.0.5-r3", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Milesight", "product": "MS-Cxx62-xxxG1", "versions": [{"status": "affected", "version": "0", "lessThanOrEqual": "63.8.0.5-r3", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Milesight", "product": "MS-Cxx72-xxxG1", "versions": [{"status": "affected", "version": "0", "lessThanOrEqual": "63.8.0.5-r3", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Milesight", "product": "MS-CQxx31-xxxG1", "versions": [{"status": "affected", "version": "0", "lessThanOrEqual": "CQ_63.8.0.5-r1", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Milesight", "product": "MS-CQxx68-xxxG1", "versions": [{"status": "affected", "version": "0", "lessThanOrEqual": "CQ_63.8.0.5-r1", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Milesight", "product": "MS-CQxx72-xxxG1", "versions": [{"status": "affected", "version": "0", "lessThanOrEqual": "CQ_63.8.0.5-r1", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Milesight", "product": "MS-Nxxxx-NxE", "versions": [{"status": "affected", "version": "0", "lessThanOrEqual": "7x.9.0.19-r5", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Milesight", "product": "MS-Nxxxx-xxC", "versions": [{"status": "affected", "version": "0", "lessThanOrEqual": "7x.9.0.19-r5", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Milesight", "product": "MS-Nxxxx-xxE", "versions": [{"status": "affected", "version": "0", "lessThanOrEqual": "7x.9.0.19-r5", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Milesight", "product": "MS-Nxxxx-xxG", "versions": [{"status": "affected", "version": "0", "lessThanOrEqual": "7x.9.0.19-r5", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Milesight", "product": "MS-Nxxxx-xxH", "versions": [{"status": "affected", "version": "0", "lessThanOrEqual": "7x.9.0.19-r5", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Milesight", "product": "MS-Nxxxx-xxT", "versions": [{"status": "affected", "version": "0", "lessThanOrEqual": "7x.9.0.19-r5", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Milesight", "product": "PMC8266-FPE", "versions": [{"status": "affected", "version": "0", "lessThanOrEqual": "PO_61.8.0.4_LPR", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Milesight", "product": "PMC8266-FGPE", "versions": [{"status": "affected", "version": "0", "lessThanOrEqual": "PO_61.8.0.4_LPR", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Milesight", "product": "PM3322-E", "versions": [{"status": "affected", "version": "0", "lessThanOrEqual": "PI_61.8.0.3_LPR-r3", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Milesight", "product": "TS4466-X4RIPG1", "versions": [{"status": "affected", "version": "0", "lessThanOrEqual": "T_63.8.0.4_LPR-r3", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Milesight", "product": "TS5366-X12RIPG1", "versions": [{"status": "affected", "version": "0", "lessThanOrEqual": "T_63.8.0.4_LPR-r3", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Milesight", "product": "TS8266-X4RIPG1", "versions": [{"status": "affected", "version": "0", "lessThanOrEqual": "T_63.8.0.4_LPR-r3", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Milesight", "product": "TS4466-X4RIVPG1", "versions": [{"status": "affected", "version": "0", "lessThanOrEqual": "T_63.8.0.4_LPR-r3", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Milesight", "product": "TS4466-RFIVPG1", "versions": [{"status": "affected", "version": "0", "lessThanOrEqual": "T_63.8.0.4_LPR-r3", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Milesight", "product": "TS8266-X4RIVPG1", "versions": [{"status": "affected", "version": "0", "lessThanOrEqual": "T_63.8.0.4_LPR-r3", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Milesight", "product": "TS8266-RFIVPG1", "versions": [{"status": "affected", "version": "0", "lessThanOrEqual": "T_63.8.0.4_LPR-r3", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Milesight", "product": "TS4466-X4RIWG1", "versions": [{"status": "affected", "version": "0", "lessThanOrEqual": "T_63.8.0.4_LPR-r3", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Milesight", "product": "TS8266-X4RIWG1", "versions": [{"status": "affected", "version": "0", "lessThanOrEqual": "T_63.8.0.4_LPR-r3", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Milesight", "product": "TS5510-GVH", "versions": [{"status": "affected", "version": "0", "lessThanOrEqual": "T_47.8.0.4_LPR-r7", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Milesight", "product": "TS5510-GH", "versions": [{"status": "affected", "version": "0", "lessThanOrEqual": "T_47.8.0.4_LPR-r6", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Milesight", "product": "TS5511-GVH", "versions": [{"status": "affected", "version": "0", "lessThanOrEqual": "T_47.8.0.4_LPR-r6", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Milesight", "product": "TS2966-X12TPE", "versions": [{"status": "affected", "version": "0", "lessThanOrEqual": "T_61.8.0.4_LPR-r3", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Milesight", "product": "TS4466-X4RPE", "versions": [{"status": "affected", "version": "0", "lessThanOrEqual": "T_61.8.0.4_LPR-r3", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Milesight", "product": "TS5366-X12PE", "versions": [{"status": "affected", "version": "0", "lessThanOrEqual": "T_61.8.0.4_LPR-r3", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Milesight", "product": "TS8266-X4PE", "versions": [{"status": "affected", "version": "0", "lessThanOrEqual": "T_61.8.0.4_LPR-r3", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Milesight", "product": "TS2966-X12TVPE", "versions": [{"status": "affected", "version": "0", "lessThanOrEqual": "T_61.8.0.4_LPR-r3", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Milesight", "product": "TS4466-X4RVPE", "versions": [{"status": "affected", "version": "0", "lessThanOrEqual": "T_61.8.0.4_LPR-r3", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Milesight", "product": "TS5366-X12VPE", "versions": [{"status": "affected", "version": "0", "lessThanOrEqual": "T_61.8.0.4_LPR-r3", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Milesight", "product": "TS8266-X4VPE", "versions": [{"status": "affected", "version": "0", "lessThanOrEqual": "T_61.8.0.4_LPR-r3", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Milesight", "product": "TS4441-X36RPE", "versions": [{"status": "affected", "version": "0", "lessThanOrEqual": "T_61.8.0.4_LPR-r3", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Milesight", "product": "TS4441-X36RE", "versions": [{"status": "affected", "version": "0", "lessThanOrEqual": "T_61.8.0.4_LPR-r3", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Milesight", "product": "TS4466-X4RWE", "versions": [{"status": "affected", "version": "0", "lessThanOrEqual": "T_61.8.0.4_LPR-r3", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Milesight", "product": "TS8266-X4WE", "versions": [{"status": "affected", "version": "0", "lessThanOrEqual": "T_61.8.0.4_LPR-r3", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Milesight", "product": "MS-C2964-RFLPC", "versions": [{"status": "affected", "version": "0", "lessThanOrEqual": "T_45.8.0.3-r9", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Milesight", "product": "MS-C2972-RFLPC", "versions": [{"status": "affected", "version": "0", "lessThanOrEqual": "T_45.8.0.3-r9", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Milesight", "product": "MS-C2966-RFLWPC", "versions": [{"status": "affected", "version": "0", "lessThanOrEqual": "T_45.8.0.3-r9", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Milesight", "product": "TS2866-X4TPC", "versions": [{"status": "affected", "version": "0", "lessThanOrEqual": "T_45.8.0.3-r9", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Milesight", "product": "TS2866-X4TVPC", "versions": [{"status": "affected", "version": "0", "lessThanOrEqual": "T_45.8.0.3-r9", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Milesight", "product": "TS2866-X4TGPC", "versions": [{"status": "affected", "version": "0", "lessThanOrEqual": "T_45.8.0.3-r9", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Milesight", "product": "TS2841-X36TPC", "versions": [{"status": "affected", "version": "0", "lessThanOrEqual": "T_45.8.0.3-r9", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Milesight", "product": "TS2841-X36TPC/W", "versions": [{"status": "affected", "version": "0", "lessThanOrEqual": "T_45.8.0.3-r9", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Milesight", "product": "TS2867-X5TPC", "versions": [{"status": "affected", "version": "0", "lessThanOrEqual": "T_45.8.0.3-r9", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Milesight", "product": "TS2961-X12TPC", "versions": [{"status": "affected", "version": "0", "lessThanOrEqual": "T_45.8.0.3-r9", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Milesight", "product": "TS8266-FPC/P", "versions": [{"status": "affected", "version": "0", "lessThanOrEqual": "T_45.8.0.3-r9", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Milesight", "product": "MS-C2966-X12RLPC", "versions": [{"status": "affected", "version": "0", "lessThanOrEqual": "T_45.8.0.3-r9", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Milesight", "product": "MS-C2966-X12RLVPC", "versions": [{"status": "affected", "version": "0", "lessThanOrEqual": "T_45.8.0.3-r9", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Milesight", "product": "MS-C5366-X12LPC", "versions": [{"status": "affected", "version": "0", "lessThanOrEqual": "T_45.8.0.3-r9", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Milesight", "product": "MS-C5366-X12LVPC", "versions": [{"status": "affected", "version": "0", "lessThanOrEqual": "T_45.8.0.3-r9", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Milesight", "product": "MS-C5361-X12LPC", "versions": [{"status": "affected", "version": "0", "lessThanOrEqual": "T_45.8.0.3-r9", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Milesight", "product": "MS-Cxx66-xxxxGOPC", "versions": [{"status": "affected", "version": "0", "lessThanOrEqual": "45.8.0.2-AIoT-r4", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Milesight", "product": "SC211", "versions": [{"status": "affected", "version": "0", "lessThanOrEqual": "C_21.1.0.8-r4", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Milesight", "product": "SP111", "versions": [{"status": "affected", "version": "0", "lessThanOrEqual": "52.8.0.4-r5", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Milesight", "product": "MS-Cxx66-RFIPKG1", "versions": [{"status": "affected", "version": "0", "lessThanOrEqual": "63.8.0.4-r1-NX", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Milesight", "product": "MS-Cxx72-RFIPKG1", "versions": [{"status": "affected", "version": "0", "lessThanOrEqual": "63.8.0.4-r1-NX", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Milesight", "product": "MS-Cxx66-FIPKG1", "versions": [{"status": "affected", "version": "0", "lessThanOrEqual": "63.8.0.4-r1-NX", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Milesight", "product": "MS-Cxx72-FIPKG1", "versions": [{"status": "affected", "version": "0", "lessThanOrEqual": "63.8.0.4-r1-NX", "versionType": "custom"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "A weak key generation vulnerability exists in specific firmware versions of Milesight AIOT cameras allows authorization to be bypassed.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "A weak key generation vulnerability exists in specific firmware versions of Milesight AIOT cameras allows authorization to be bypassed. "}]}], "references": [{"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-113-03"}, {"url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-113-03.json"}, {"url": "https://www.milesight.com/support/download/firmware"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV4_0": {"attackVector": "ADJACENT", "attackComplexity": "HIGH", "attackRequirements": "PRESENT", "privilegesRequired": "NONE", "userInteraction": "ACTIVE", "vulnConfidentialityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subIntegrityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "version": "4.0", "baseSeverity": "HIGH", "baseScore": 7.3, "vectorString": "CVSS:4.0/AV:A/AC:H/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"}}, {"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "ADJACENT_NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseSeverity": "HIGH", "baseScore": 7.1, "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}}], "solutions": [{"lang": "en", "value": "Milesight advises all users to update their device to the latest firmware versions of PE/PC/PA found at https://www.milesight.com/support/download/firmware.\u00a0\n https://www.milesight.com/support/download/firmware \n\nMS-Cxx63-PD: Update to 51.7.0.77-r13\n\nMS-Cxx64-xPD: Update to 51.7.0.77-r13\n\nMS-Cxx73-xPD: Update to 51.7.0.77-r13\n\nMS-Cxx75-xxPD: Update to 51.7.0.77-r13\n\nMS-Cxx83-xPD: Update to 51.7.0.77-r13\n\nMS-Cxx74-PA: Update to 3x.8.0.3-r13\n\nMS-C8477-HPG1: Update to 63.8.0.4-r4\n\n\u00a0MS-C8477-PC: Update to 48.8.0.4-r4\n\nMS-C5321-FPE: Update to 62.8.0.4-r6\n\nMS-Cxx72-xxxPE: Update to 61.8.0.5-r2\n\nMS-Cxx62-xxxPE: Update to 61.8.0.5-r2\n\nMS-Cxx52-xxxPE: Update to 61.8.0.5-r2\n\nMS-Cxx66-xxxPE: Update to 61.8.0.5-r2\n\nMS-Cxx66-xxxGPE: Update to 61.8.0.5-r2\n\nMS-Cxx61-xxxPE: Update to 61.8.0.5-r2\n\nMS-Cxx67-xxxPE: Update to 61.8.0.5-r2\n\nMS-Cxx71-xxxPE: Update to 61.8.0.5-r2\n\nMS-Cxx41-xxxPE: Update to 61.8.0.5-r2\n\nMS-Cxx76-PE: Update to 61.8.0.5-r2\n\nMS-Cxx65-PE: Update to 61.8.0.5-r2\n\nMS-Cxx66-xxxG1: Update to 63.8.0.5-r4\n\nMS-Cxx62-xxxG1: Update to 63.8.0.5-r4\n\nMS-Cxx72-xxxG1: Update to 63.8.0.5-r4\n\nMS-CQxx31-xxxG1: Update to CQ_63.8.0.5-r2\u00a0\n\nMS-CQxx68-xxxG1: Update to CQ_63.8.0.5-r2\n\nMS-CQxx72-xxxG1: Update to CQ_63.8.0.5-r2\n\nMS-Nxxxx-NxE: Update to 7x.9.0.19-r6\n\nMS-Nxxxx-xxC: Update to 7x.9.0.19-r6\n\nMS-Nxxxx-xxE: Update to 7x.9.0.19-r6\n\nMS-Nxxxx-xxG: Update to 7x.9.0.19-r6\n\nMS-Nxxxx-xxH: Update to 7x.9.0.19-r6\n\nMS-Nxxxx-xxT: Update to 7x.9.0.19-r6\n\nPMC8266-FPE: Update to PO_61.8.0.4-r1\n\nPMC8266-FGPE: Update to PO_61.8.0.4-r1\n\nPM3322-E: Update to PI_61.8.0.3-r5\n\nTS4466-X4RIPG1: Update to T_63.8.0.4-r4\u00a0\n\nTS5366-X12RIPG1: Update to T_63.8.0.4-r4\n\nTS8266-X4RIPG1: Update to T_63.8.0.4-r4\n\nTS4466-X4RIVPG1: Update to T_63.8.0.4-r4\n\nTS4466-RFIVPG1: Update to T_63.8.0.4-r4\n\nTS8266-X4RIVPG1: Update to T_63.8.0.4-r4\n\nTS8266-RFIVPG1: Update to T_63.8.0.4-r4\n\nTS4466-X4RIWG1: Update to T_63.8.0.4-r4\n\nTS8266-X4RIWG1: Update to T_63.8.0.4-r4\n\nTS5510-GVH: Update to T_47.8.0.4-r8\n\nTS5510-GH: Update to T_47.8.0.4-r8\n\nTS5511-GVH: Update to T_47.8.0.4-r8\n\nTS2966-X12TPE: Update to T_61.8.0.4-r4\n\nTS4466-X4RPE: Update to T_61.8.0.4-r4\n\nTS5366-X12PE: Update to T_61.8.0.4-r4\n\nTS8266-X4PE: Update to T_61.8.0.4-r4\n\nTS2966-X12TVPE: Update to T_61.8.0.4-r4\n\nTS4466-X4RVPE: Update to T_61.8.0.4-r4\n\nTS5366-X12VPE: Update to T_61.8.0.4-r4\n\nTS8266-X4VPE: Update to T_61.8.0.4-r4\n\nTS4441-X36RPE: Update to T_61.8.0.4-r4\n\nTS4441-X36RE: Update to T_61.8.0.4-r4\n\nTS4466-X4RWE: Update to T_61.8.0.4-r4\n\nTS8266-X4WE: Update to T_61.8.0.4-r4\n\nMS-C2964-RFLPC: Update to T_45.8.0.3-r10\n\nMS-C2972-RFLPC: Update to T_45.8.0.3-r10\n\nMS-C2966-RFLWPC: Update to T_45.8.0.3-r10\n\nTS2866-X4TPC: Update to T_45.8.0.3-r10\n\nTS2866-X4TVPC: Update to T_45.8.0.3-r10\n\nTS2866-X4TGPC: Update to T_45.8.0.3-r10\n\nTS2841-X36TPC: Update to T_45.8.0.3-r10\n\nTS2841-X36TPC/W: Update to T_45.8.0.3-r10\n\nTS2867-X5TPC: Update to T_45.8.0.3-r10\n\nTS2961-X12TPC: Update to T_45.8.0.3-r10\n\nTS8266-FPC/P: Update to T_45.8.0.3-r10\n\nMS-C2966-X12RLPC: Update to T_45.8.0.3-r10\n\nMS-C2966-X12RLVPC: Update to T_45.8.0.3-r10\n\nMS-C5366-X12LPC: Update to T_45.8.0.3-r10\n\nMS-C5366-X12LVPC: Update to T_45.8.0.3-r10\n\nMS-C5361-X12LPC: Update to T_45.8.0.3-r10\n\nMS-Cxx66-xxxxGOPC: Update to 45.8.0.2-AIoT-r5\n\nSC211: Update to C_21.1.0.8-r5\n\nSP111: Update to 52.8.0.4-r6\n\nMS-Cxx66-RFIPKG1: Update to 63.8.0.5-r2-NX\n\nMS-Cxx72-RFIPKG1: Update to 63.8.0.5-r2-NX\n\nMS-Cxx66-FIPKG1: Update to 63.8.0.5-r2-NX\n\nMS-Cxx72-FIPKG1: Update to 63.8.0.5-r2-NX", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<p>Milesight advises all users to update their device to the latest firmware versions of PE/PC/PA found at https://www.milesight.com/support/download/firmware. <br><a href=\"https://www.milesight.com/support/download/firmware\" title=\"(opens in a new window)\">https://www.milesight.com/support/download/firmware</a></p><p>MS-Cxx63-PD: Update to 51.7.0.77-r13</p><p>MS-Cxx64-xPD: Update to 51.7.0.77-r13</p><p>MS-Cxx73-xPD: Update to 51.7.0.77-r13</p><p>MS-Cxx75-xxPD: Update to 51.7.0.77-r13</p><p>MS-Cxx83-xPD: Update to 51.7.0.77-r13</p><p>MS-Cxx74-PA: Update to 3x.8.0.3-r13</p><p>MS-C8477-HPG1: Update to 63.8.0.4-r4</p><p> MS-C8477-PC: Update to 48.8.0.4-r4</p><p>MS-C5321-FPE: Update to 62.8.0.4-r6</p><p>MS-Cxx72-xxxPE: Update to 61.8.0.5-r2</p><p>MS-Cxx62-xxxPE: Update to 61.8.0.5-r2</p><p>MS-Cxx52-xxxPE: Update to 61.8.0.5-r2</p><p>MS-Cxx66-xxxPE: Update to 61.8.0.5-r2</p><p>MS-Cxx66-xxxGPE: Update to 61.8.0.5-r2</p><p>MS-Cxx61-xxxPE: Update to 61.8.0.5-r2</p><p>MS-Cxx67-xxxPE: Update to 61.8.0.5-r2</p><p>MS-Cxx71-xxxPE: Update to 61.8.0.5-r2</p><p>MS-Cxx41-xxxPE: Update to 61.8.0.5-r2</p><p>MS-Cxx76-PE: Update to 61.8.0.5-r2</p><p>MS-Cxx65-PE: Update to 61.8.0.5-r2</p><p>MS-Cxx66-xxxG1: Update to 63.8.0.5-r4</p><p>MS-Cxx62-xxxG1: Update to 63.8.0.5-r4</p><p>MS-Cxx72-xxxG1: Update to 63.8.0.5-r4</p><p>MS-CQxx31-xxxG1: Update to CQ_63.8.0.5-r2 </p><p>MS-CQxx68-xxxG1: Update to CQ_63.8.0.5-r2</p><p>MS-CQxx72-xxxG1: Update to CQ_63.8.0.5-r2</p><p>MS-Nxxxx-NxE: Update to 7x.9.0.19-r6</p><p>MS-Nxxxx-xxC: Update to 7x.9.0.19-r6</p><p>MS-Nxxxx-xxE: Update to 7x.9.0.19-r6</p><p>MS-Nxxxx-xxG: Update to 7x.9.0.19-r6</p><p>MS-Nxxxx-xxH: Update to 7x.9.0.19-r6</p><p>MS-Nxxxx-xxT: Update to 7x.9.0.19-r6</p><p>PMC8266-FPE: Update to PO_61.8.0.4-r1</p><p>PMC8266-FGPE: Update to PO_61.8.0.4-r1</p><p>PM3322-E: Update to PI_61.8.0.3-r5</p><p>TS4466-X4RIPG1: Update to T_63.8.0.4-r4 </p><p>TS5366-X12RIPG1: Update to T_63.8.0.4-r4</p><p>TS8266-X4RIPG1: Update to T_63.8.0.4-r4</p><p>TS4466-X4RIVPG1: Update to T_63.8.0.4-r4</p><p>TS4466-RFIVPG1: Update to T_63.8.0.4-r4</p><p>TS8266-X4RIVPG1: Update to T_63.8.0.4-r4</p><p>TS8266-RFIVPG1: Update to T_63.8.0.4-r4</p><p>TS4466-X4RIWG1: Update to T_63.8.0.4-r4</p><p>TS8266-X4RIWG1: Update to T_63.8.0.4-r4</p><p>TS5510-GVH: Update to T_47.8.0.4-r8</p><p>TS5510-GH: Update to T_47.8.0.4-r8</p><p>TS5511-GVH: Update to T_47.8.0.4-r8</p><p>TS2966-X12TPE: Update to T_61.8.0.4-r4</p><p>TS4466-X4RPE: Update to T_61.8.0.4-r4</p><p>TS5366-X12PE: Update to T_61.8.0.4-r4</p><p>TS8266-X4PE: Update to T_61.8.0.4-r4</p><p>TS2966-X12TVPE: Update to T_61.8.0.4-r4</p><p>TS4466-X4RVPE: Update to T_61.8.0.4-r4</p><p>TS5366-X12VPE: Update to T_61.8.0.4-r4</p><p>TS8266-X4VPE: Update to T_61.8.0.4-r4</p><p>TS4441-X36RPE: Update to T_61.8.0.4-r4</p><p>TS4441-X36RE: Update to T_61.8.0.4-r4</p><p>TS4466-X4RWE: Update to T_61.8.0.4-r4</p><p>TS8266-X4WE: Update to T_61.8.0.4-r4</p><p>MS-C2964-RFLPC: Update to T_45.8.0.3-r10</p><p>MS-C2972-RFLPC: Update to T_45.8.0.3-r10</p><p>MS-C2966-RFLWPC: Update to T_45.8.0.3-r10</p><p>TS2866-X4TPC: Update to T_45.8.0.3-r10</p><p>TS2866-X4TVPC: Update to T_45.8.0.3-r10</p><p>TS2866-X4TGPC: Update to T_45.8.0.3-r10</p><p>TS2841-X36TPC: Update to T_45.8.0.3-r10</p><p>TS2841-X36TPC/W: Update to T_45.8.0.3-r10</p><p>TS2867-X5TPC: Update to T_45.8.0.3-r10</p><p>TS2961-X12TPC: Update to T_45.8.0.3-r10</p><p>TS8266-FPC/P: Update to T_45.8.0.3-r10</p><p>MS-C2966-X12RLPC: Update to T_45.8.0.3-r10</p><p>MS-C2966-X12RLVPC: Update to T_45.8.0.3-r10</p><p>MS-C5366-X12LPC: Update to T_45.8.0.3-r10</p><p>MS-C5366-X12LVPC: Update to T_45.8.0.3-r10</p><p>MS-C5361-X12LPC: Update to T_45.8.0.3-r10</p><p>MS-Cxx66-xxxxGOPC: Update to 45.8.0.2-AIoT-r5</p><p>SC211: Update to C_21.1.0.8-r5</p><p>SP111: Update to 52.8.0.4-r6</p><p>MS-Cxx66-RFIPKG1: Update to 63.8.0.5-r2-NX</p><p>MS-Cxx72-RFIPKG1: Update to 63.8.0.5-r2-NX</p><p>MS-Cxx66-FIPKG1: Update to 63.8.0.5-r2-NX</p><p>MS-Cxx72-FIPKG1: Update to 63.8.0.5-r2-NX</p>"}]}, {"lang": "en", "value": "Milesight asks all users to report potential security vulnerabilities to security@milesight.com.\n mailto:security@milesight.com \nLearn more: Milesight Vulnerability Reporting Policy\n https://www.milesight.com/legal/vulnerability-report", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<p>Milesight asks all users to report potential security vulnerabilities to security@milesight.com.<br><a href=\"mailto:security@milesight.com\">mailto:security@milesight.com</a><br>Learn more: Milesight Vulnerability Reporting Policy<br><a href=\"https://www.milesight.com/legal/vulnerability-report\" title=\"(opens in a new window)\">https://www.milesight.com/legal/vulnerability-report</a></p>"}]}], "credits": [{"lang": "en", "value": "Souvik Kandar reported these vulnerabilities to CISA", "type": "finder"}], "source": {"advisory": "ICSA-26-113-03", "discovery": "EXTERNAL"}, "x_generator": {"engine": "Vulnogram 1.0.1"}}}}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A weak key generation vulnerability exists in specific firmware versions of Milesight AIOT cameras allows authorization to be bypassed."}], "id": "CVE-2026-28747", "lastModified": "2026-04-27T23:16:02.820", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "HIGH", "attackRequirements": "PRESENT", "attackVector": "ADJACENT", "availabilityRequirement": "NOT_DEFINED", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "ACTIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:A/AC:H/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}]}, "published": "2026-04-27T23:16:02.820", "references": [{"source": "ics-cert@hq.dhs.gov", "url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-113-03.json"}, {"source": "ics-cert@hq.dhs.gov", "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-113-03"}, {"source": "ics-cert@hq.dhs.gov", "url": "https://www.milesight.com/support/download/firmware"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-639"}], "source": "ics-cert@hq.dhs.gov", "type": "Primary"}]}