Milesight Cameras

Plan Patch | CVSS 9.8 | ICS-CERT ICSA-26-113-03 | Apr 23, 2026
Attack path
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

Multiple vulnerabilities in Milesight IP cameras allow remote attackers to crash the device or execute arbitrary code. The vulnerabilities stem from improper input validation (CWE-122), use of hardcoded credentials (CWE-798), insufficient cryptographic controls (CWE-321), command injection (CWE-78), and improper restriction of rendered UI layers (CWE-639). Affected products span PE, PC, PA, PD, and G1 series cameras, as well as thermal and network-attached models. Successful exploitation requires only network access and no authentication.

What this means
What could happen
An attacker with network access to a Milesight camera could run commands on the device to crash it or alter its configuration, potentially disabling surveillance at critical facility locations or pivoting to downstream systems like access control networks.
Who's at risk
Milesight IP camera operators including water utilities, electric utilities, and municipal facilities using these cameras for perimeter monitoring, facility access points, or critical infrastructure surveillance. All Milesight PE, PC, PA, PD, G1, and network camera series are affected.
How it could be exploited
An attacker on the network containing the camera (or with internet routing to it) can send a specially crafted request to the camera's web interface or management port without authentication. The camera processes the request in a vulnerable code path, allowing the attacker to execute arbitrary commands with camera privileges or trigger a crash that disables the device.
Prerequisites
  • Network reachability to the camera's management interface (typically HTTP/HTTPS port 80 or 443)
  • No authentication required
  • Remotely exploitable
  • No authentication required
  • Low complexity attack
  • Critical CVSS score (9.8)
  • Affects multiple camera models across product lines
Affected products (82)
82 with fix
| Product | Affected Versions | Fix Status |
|---|---|---|
| MS-Cxx63-PD | ≤ 51.7.0.77-r12 | 51.7.0.77-r13 |
| MS-Cxx64-xPD | ≤ 51.7.0.77-r12 | 51.7.0.77-r13 |
| MS-Cxx73-xPD | ≤ 51.7.0.77-r12 | 51.7.0.77-r13 |
| MS-Cxx75-xxPD | ≤ 51.7.0.77-r12 | 51.7.0.77-r13 |
| MS-Cxx83-xPD | ≤ 51.7.0.77-r12 | 51.7.0.77-r13 |
Remediation & Mitigation
Do now
  • HARDENING: Restrict network access to camera management interfaces to only authorized personnel and systems; use firewall rules to block direct internet access to cameras
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

  • HOTFIX: Update all Milesight PE series cameras to firmware version 61.8.0.5-r3 or later
  • HOTFIX: Update all Milesight PA series cameras to firmware version 3x.8.0.3-r13 or later
  • HOTFIX: Update all Milesight PD series cameras to firmware version 51.7.0.77-r13 or later
  • HOTFIX: Update all Milesight PC series cameras to firmware version 48.8.0.4-r4 or later
  • HOTFIX: Update all Milesight G1 series cameras to firmware version 63.8.0.5-r4 or later
  • HOTFIX: Update all Milesight Network series cameras (N models) to firmware version 7x.9.0.19-r6 or later
Long-term hardening
  • HARDENING: If cameras must remain on the internet-facing network, place them behind a reverse proxy or VPN gateway that provides authentication and encryption
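
Added example (not part of the advisory or any Milesight tooling): a triage helper that compares installed firmware strings from a camera inventory against the fixed versions listed under "Schedule" above. It assumes the "x" in "3x" and "7x" stands for any single digit and that version parts order numerically; the hostnames and inventory rows are constructed.

```python
import re

# Fixed firmware per series, copied from the advisory's HOTFIX lines.
FIXED = {
    "PE": "61.8.0.5-r3",
    "PA": "3x.8.0.3-r13",
    "PD": "51.7.0.77-r13",
    "PC": "48.8.0.4-r4",
    "G1": "63.8.0.5-r4",
    "N": "7x.9.0.19-r6",
}

_VERSION = re.compile(r"^(\d[\dx])\.(\d+)\.(\d+)\.(\d+)-r(\d+)$")

def parse(version):
    """Split 'PP.a.b.c-rN' into (platform, (a, b, c, N)) with integer parts."""
    m = _VERSION.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised firmware string: {version!r}")
    return m.group(1), tuple(int(g) for g in m.groups()[1:])

def platform_matches(pattern, platform):
    # Assumption: 'x' in the advisory's '3x' and '7x' means any one digit.
    return all(p in ("x", c) for p, c in zip(pattern, platform))

def triage(series, installed):
    """Return 'patched', 'vulnerable', or 'review' for one camera."""
    try:
        fixed_platform, fixed_release = parse(FIXED[series])
        platform, release = parse(installed)
    except (KeyError, ValueError):
        return "review"  # unknown series or unparseable string
    if not platform_matches(fixed_platform, platform):
        return "review"  # firmware family does not match the series
    # Assumption: releases order numerically, so r9 is older than r13.
    return "patched" if release >= fixed_release else "vulnerable"

# Constructed inventory rows: (hostname, series, installed firmware).
INVENTORY = [
    ("cam-gate-01", "PD", "51.7.0.77-r12"),
    ("cam-gate-02", "PD", "51.7.0.77-r13"),
    ("cam-roof-01", "PA", "32.8.0.3-r9"),
    ("cam-dock-01", "N", "75.9.0.20-r1"),
    ("cam-lab-01", "PE", "61.8.0.5"),
]

if __name__ == "__main__":
    for host, series, fw in INVENTORY:
        print(f"{host:12} {series:3} {fw:15} {triage(series, fw)}")
```

Rows that come back as "review" have a firmware string that does not fit the series or the expected format and need a manual check against the vendor's release notes.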

Milesight Cameras | CVSS 9.8 - OTPulse