Description
A weak key generation vulnerability exists in specific firmware versions of Milesight AIOT cameras allows authorization to be bypassed.
Published: 2026-04-27
Score: 7.3 High
EPSS: < 1% Very Low
KEV: No
Impact: Authorization Bypass
Action: Apply Firmware Patch
AI Analysis

Impact

A weak key generation flaw is present in selected firmware builds of Milesight AIOT cameras. The vulnerability enables an attacker to supply a user‑controlled key that bypasses the device’s standard authorization checks, granting access without proper authentication. This flaw is identified as CWE‑639 and directly affects the cameras’ security controls.

Affected Systems

The affected devices are Milesight AIOT cameras, including models such as MS‑C2964‑RFLPC, MS‑C2966‑RFLWPC, MS‑C2966‑X12RLPC, MS‑C2966‑X12RLVPC, MS‑C2972‑RFLPC, MS‑C5321‑FPE, MS‑C5361‑X12LPC, MS‑C5366‑X12LPC, MS‑C5366‑X12LVPC, MS‑C8477‑HPG1, MS‑C8477‑PC, and many others listed in the vendor’s catalog. The affected firmware versions are those released prior to the updates identified in Milesight’s advisory; for example, firmware updates such as 51.7.0.77‑r13 for the MS‑Cxx63‑PD family, 63.8.0.5‑r4 for the G1 series, and 45.8.0.3‑r10 for the RFLP and X4TPC models contain the fix.

Risk and Exploitability

The CVSS base score of 7.3 indicates a moderate‑to‑high risk to the confidentiality and integrity of the device. EPSS is reported as < 1 %, and the vulnerability is not listed in CISA KEV, suggesting no known widespread public exploitation yet. The likely attack vector is an attacker’s ability to influence key generation on an accessible camera—typically via local network access to the device’s management interface or remote access if the camera is exposed to the internet. Successful exploitation allows an attacker to bypass authorization checks, potentially accessing the camera without proper credentials.

Generated by OpenCVE AI on April 28, 2026 at 23:27 UTC.

Remediation

Vendor Solution

Milesight advises all users to update their device to the latest firmware versions of PE/PC/PA found at https://www.milesight.com/support/download/firmware.  https://www.milesight.com/support/download/firmware MS-Cxx63-PD: Update to 51.7.0.77-r13 MS-Cxx64-xPD: Update to 51.7.0.77-r13 MS-Cxx73-xPD: Update to 51.7.0.77-r13 MS-Cxx75-xxPD: Update to 51.7.0.77-r13 MS-Cxx83-xPD: Update to 51.7.0.77-r13 MS-Cxx74-PA: Update to 3x.8.0.3-r13 MS-C8477-HPG1: Update to 63.8.0.4-r4  MS-C8477-PC: Update to 48.8.0.4-r4 MS-C5321-FPE: Update to 62.8.0.4-r6 MS-Cxx72-xxxPE: Update to 61.8.0.5-r2 MS-Cxx62-xxxPE: Update to 61.8.0.5-r2 MS-Cxx52-xxxPE: Update to 61.8.0.5-r2 MS-Cxx66-xxxPE: Update to 61.8.0.5-r2 MS-Cxx66-xxxGPE: Update to 61.8.0.5-r2 MS-Cxx61-xxxPE: Update to 61.8.0.5-r2 MS-Cxx67-xxxPE: Update to 61.8.0.5-r2 MS-Cxx71-xxxPE: Update to 61.8.0.5-r2 MS-Cxx41-xxxPE: Update to 61.8.0.5-r2 MS-Cxx76-PE: Update to 61.8.0.5-r2 MS-Cxx65-PE: Update to 61.8.0.5-r2 MS-Cxx66-xxxG1: Update to 63.8.0.5-r4 MS-Cxx62-xxxG1: Update to 63.8.0.5-r4 MS-Cxx72-xxxG1: Update to 63.8.0.5-r4 MS-CQxx31-xxxG1: Update to CQ_63.8.0.5-r2  MS-CQxx68-xxxG1: Update to CQ_63.8.0.5-r2 MS-CQxx72-xxxG1: Update to CQ_63.8.0.5-r2 MS-Nxxxx-NxE: Update to 7x.9.0.19-r6 MS-Nxxxx-xxC: Update to 7x.9.0.19-r6 MS-Nxxxx-xxE: Update to 7x.9.0.19-r6 MS-Nxxxx-xxG: Update to 7x.9.0.19-r6 MS-Nxxxx-xxH: Update to 7x.9.0.19-r6 MS-Nxxxx-xxT: Update to 7x.9.0.19-r6 PMC8266-FPE: Update to PO_61.8.0.4-r1 PMC8266-FGPE: Update to PO_61.8.0.4-r1 PM3322-E: Update to PI_61.8.0.3-r5 TS4466-X4RIPG1: Update to T_63.8.0.4-r4  TS5366-X12RIPG1: Update to T_63.8.0.4-r4 TS8266-X4RIPG1: Update to T_63.8.0.4-r4 TS4466-X4RIVPG1: Update to T_63.8.0.4-r4 TS4466-RFIVPG1: Update to T_63.8.0.4-r4 TS8266-X4RIVPG1: Update to T_63.8.0.4-r4 TS8266-RFIVPG1: Update to T_63.8.0.4-r4 TS4466-X4RIWG1: Update to T_63.8.0.4-r4 TS8266-X4RIWG1: Update to T_63.8.0.4-r4 TS5510-GVH: Update to T_47.8.0.4-r8 TS5510-GH: Update to T_47.8.0.4-r8 TS5511-GVH: Update to T_47.8.0.4-r8 TS2966-X12TPE: Update to T_61.8.0.4-r4 TS4466-X4RPE: Update to T_61.8.0.4-r4 TS5366-X12PE: Update to T_61.8.0.4-r4 TS8266-X4PE: Update to T_61.8.0.4-r4 TS2966-X12TVPE: Update to T_61.8.0.4-r4 TS4466-X4RVPE: Update to T_61.8.0.4-r4 TS5366-X12VPE: Update to T_61.8.0.4-r4 TS8266-X4VPE: Update to T_61.8.0.4-r4 TS4441-X36RPE: Update to T_61.8.0.4-r4 TS4441-X36RE: Update to T_61.8.0.4-r4 TS4466-X4RWE: Update to T_61.8.0.4-r4 TS8266-X4WE: Update to T_61.8.0.4-r4 MS-C2964-RFLPC: Update to T_45.8.0.3-r10 MS-C2972-RFLPC: Update to T_45.8.0.3-r10 MS-C2966-RFLWPC: Update to T_45.8.0.3-r10 TS2866-X4TPC: Update to T_45.8.0.3-r10 TS2866-X4TVPC: Update to T_45.8.0.3-r10 TS2866-X4TGPC: Update to T_45.8.0.3-r10 TS2841-X36TPC: Update to T_45.8.0.3-r10 TS2841-X36TPC/W: Update to T_45.8.0.3-r10 TS2867-X5TPC: Update to T_45.8.0.3-r10 TS2961-X12TPC: Update to T_45.8.0.3-r10 TS8266-FPC/P: Update to T_45.8.0.3-r10 MS-C2966-X12RLPC: Update to T_45.8.0.3-r10 MS-C2966-X12RLVPC: Update to T_45.8.0.3-r10 MS-C5366-X12LPC: Update to T_45.8.0.3-r10 MS-C5366-X12LVPC: Update to T_45.8.0.3-r10 MS-C5361-X12LPC: Update to T_45.8.0.3-r10 MS-Cxx66-xxxxGOPC: Update to 45.8.0.2-AIoT-r5 SC211: Update to C_21.1.0.8-r5 SP111: Update to 52.8.0.4-r6 MS-Cxx66-RFIPKG1: Update to 63.8.0.5-r2-NX MS-Cxx72-RFIPKG1: Update to 63.8.0.5-r2-NX MS-Cxx66-FIPKG1: Update to 63.8.0.5-r2-NX MS-Cxx72-FIPKG1: Update to 63.8.0.5-r2-NX

OpenCVE Recommended Actions

  • Update all affected Milesight cameras to the latest firmware versions specified in the vendor’s advisory, which fixes the weak key generation issue.
  • Limit exposure of the camera management interface by applying firewall rules or disabling unnecessary services, reducing the chance that an attacker can supply a malicious key.
  • Continuously monitor camera logs for anomalous authorization activity and block suspicious IP addresses as a defensive measure.

Generated by OpenCVE AI on April 28, 2026 at 23:27 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 28 Apr 2026 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Tue, 28 Apr 2026 09:45:00 +0000

Type Values Removed Values Added
First Time appeared Milesight
Milesight ms-c2964-rflpc
Milesight ms-c2966-rflwpc
Milesight ms-c2966-x12rlpc
Milesight ms-c2966-x12rlvpc
Milesight ms-c2972-rflpc
Milesight ms-c5321-fpe
Milesight ms-c5361-x12lpc
Milesight ms-c5366-x12lpc
Milesight ms-c5366-x12lvpc
Milesight ms-c8477-hpg1
Milesight ms-c8477-pc
Milesight ms-cqxx31-xxxg1
Milesight ms-cqxx68-xxxg1
Milesight ms-cqxx72-xxxg1
Milesight ms-cxx41-xxxpe
Milesight ms-cxx52-xxxpe
Milesight ms-cxx61-xxxpe
Milesight ms-cxx62-xxxg1
Milesight ms-cxx62-xxxpe
Milesight ms-cxx63-pd
Milesight ms-cxx64-xpd
Milesight ms-cxx65-pe
Milesight ms-cxx66-fipkg1
Milesight ms-cxx66-rfipkg1
Milesight ms-cxx66-xxxg1
Milesight ms-cxx66-xxxgpe
Milesight ms-cxx66-xxxpe
Milesight ms-cxx66-xxxxgopc
Milesight ms-cxx67-xxxpe
Milesight ms-cxx71-xxxpe
Milesight ms-cxx72-fipkg1
Milesight ms-cxx72-rfipkg1
Milesight ms-cxx72-xxxg1
Milesight ms-cxx72-xxxpe
Milesight ms-cxx73-xpd
Milesight ms-cxx74-pa
Milesight ms-cxx75-xxpd
Milesight ms-cxx76-pe
Milesight ms-cxx83-xpd
Milesight ms-nxxxx-nxe
Milesight ms-nxxxx-xxc
Milesight ms-nxxxx-xxe
Milesight ms-nxxxx-xxg
Milesight ms-nxxxx-xxh
Milesight ms-nxxxx-xxt
Milesight pm3322-e
Milesight pmc8266-fgpe
Milesight pmc8266-fpe
Milesight sc211
Milesight sp111
Milesight ts2841-x36tpc
Milesight ts2841-x36tpc/w
Milesight ts2866-x4tgpc
Milesight ts2866-x4tpc
Milesight ts2866-x4tvpc
Milesight ts2867-x5tpc
Milesight ts2961-x12tpc
Milesight ts2966-x12tpe
Milesight ts2966-x12tvpe
Milesight ts4441-x36re
Milesight ts4441-x36rpe
Milesight ts4466-rfivpg1
Milesight ts4466-x4ripg1
Milesight ts4466-x4rivpg1
Milesight ts4466-x4riwg1
Milesight ts4466-x4rpe
Milesight ts4466-x4rvpe
Milesight ts4466-x4rwe
Milesight ts5366-x12pe
Milesight ts5366-x12ripg1
Milesight ts5366-x12vpe
Milesight ts5510-gh
Milesight ts5510-gvh
Milesight ts5511-gvh
Milesight ts8266-fpc/p
Milesight ts8266-rfivpg1
Milesight ts8266-x4pe
Milesight ts8266-x4ripg1
Milesight ts8266-x4rivpg1
Milesight ts8266-x4riwg1
Milesight ts8266-x4vpe
Milesight ts8266-x4we
Vendors & Products Milesight
Milesight ms-c2964-rflpc
Milesight ms-c2966-rflwpc
Milesight ms-c2966-x12rlpc
Milesight ms-c2966-x12rlvpc
Milesight ms-c2972-rflpc
Milesight ms-c5321-fpe
Milesight ms-c5361-x12lpc
Milesight ms-c5366-x12lpc
Milesight ms-c5366-x12lvpc
Milesight ms-c8477-hpg1
Milesight ms-c8477-pc
Milesight ms-cqxx31-xxxg1
Milesight ms-cqxx68-xxxg1
Milesight ms-cqxx72-xxxg1
Milesight ms-cxx41-xxxpe
Milesight ms-cxx52-xxxpe
Milesight ms-cxx61-xxxpe
Milesight ms-cxx62-xxxg1
Milesight ms-cxx62-xxxpe
Milesight ms-cxx63-pd
Milesight ms-cxx64-xpd
Milesight ms-cxx65-pe
Milesight ms-cxx66-fipkg1
Milesight ms-cxx66-rfipkg1
Milesight ms-cxx66-xxxg1
Milesight ms-cxx66-xxxgpe
Milesight ms-cxx66-xxxpe
Milesight ms-cxx66-xxxxgopc
Milesight ms-cxx67-xxxpe
Milesight ms-cxx71-xxxpe
Milesight ms-cxx72-fipkg1
Milesight ms-cxx72-rfipkg1
Milesight ms-cxx72-xxxg1
Milesight ms-cxx72-xxxpe
Milesight ms-cxx73-xpd
Milesight ms-cxx74-pa
Milesight ms-cxx75-xxpd
Milesight ms-cxx76-pe
Milesight ms-cxx83-xpd
Milesight ms-nxxxx-nxe
Milesight ms-nxxxx-xxc
Milesight ms-nxxxx-xxe
Milesight ms-nxxxx-xxg
Milesight ms-nxxxx-xxh
Milesight ms-nxxxx-xxt
Milesight pm3322-e
Milesight pmc8266-fgpe
Milesight pmc8266-fpe
Milesight sc211
Milesight sp111
Milesight ts2841-x36tpc
Milesight ts2841-x36tpc/w
Milesight ts2866-x4tgpc
Milesight ts2866-x4tpc
Milesight ts2866-x4tvpc
Milesight ts2867-x5tpc
Milesight ts2961-x12tpc
Milesight ts2966-x12tpe
Milesight ts2966-x12tvpe
Milesight ts4441-x36re
Milesight ts4441-x36rpe
Milesight ts4466-rfivpg1
Milesight ts4466-x4ripg1
Milesight ts4466-x4rivpg1
Milesight ts4466-x4riwg1
Milesight ts4466-x4rpe
Milesight ts4466-x4rvpe
Milesight ts4466-x4rwe
Milesight ts5366-x12pe
Milesight ts5366-x12ripg1
Milesight ts5366-x12vpe
Milesight ts5510-gh
Milesight ts5510-gvh
Milesight ts5511-gvh
Milesight ts8266-fpc/p
Milesight ts8266-rfivpg1
Milesight ts8266-x4pe
Milesight ts8266-x4ripg1
Milesight ts8266-x4rivpg1
Milesight ts8266-x4riwg1
Milesight ts8266-x4vpe
Milesight ts8266-x4we

Mon, 27 Apr 2026 23:00:00 +0000

Type Values Removed Values Added
Description A weak key generation vulnerability exists in specific firmware versions of Milesight AIOT cameras allows authorization to be bypassed.
Title Milesight Cameras Authorization Bypass Through User-Controlled Key
Weaknesses CWE-639
References
Metrics cvssV3_1

{'score': 7.1, 'vector': 'CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H'}

cvssV4_0

{'score': 7.3, 'vector': 'CVSS:4.0/AV:A/AC:H/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Milesight Ms-c2964-rflpc Ms-c2966-rflwpc Ms-c2966-x12rlpc Ms-c2966-x12rlvpc Ms-c2972-rflpc Ms-c5321-fpe Ms-c5361-x12lpc Ms-c5366-x12lpc Ms-c5366-x12lvpc Ms-c8477-hpg1 Ms-c8477-pc Ms-cqxx31-xxxg1 Ms-cqxx68-xxxg1 Ms-cqxx72-xxxg1 Ms-cxx41-xxxpe Ms-cxx52-xxxpe Ms-cxx61-xxxpe Ms-cxx62-xxxg1 Ms-cxx62-xxxpe Ms-cxx63-pd Ms-cxx64-xpd Ms-cxx65-pe Ms-cxx66-fipkg1 Ms-cxx66-rfipkg1 Ms-cxx66-xxxg1 Ms-cxx66-xxxgpe Ms-cxx66-xxxpe Ms-cxx66-xxxxgopc Ms-cxx67-xxxpe Ms-cxx71-xxxpe Ms-cxx72-fipkg1 Ms-cxx72-rfipkg1 Ms-cxx72-xxxg1 Ms-cxx72-xxxpe Ms-cxx73-xpd Ms-cxx74-pa Ms-cxx75-xxpd Ms-cxx76-pe Ms-cxx83-xpd Ms-nxxxx-nxe Ms-nxxxx-xxc Ms-nxxxx-xxe Ms-nxxxx-xxg Ms-nxxxx-xxh Ms-nxxxx-xxt Pm3322-e Pmc8266-fgpe Pmc8266-fpe Sc211 Sp111 Ts2841-x36tpc Ts2841-x36tpc/w Ts2866-x4tgpc Ts2866-x4tpc Ts2866-x4tvpc Ts2867-x5tpc Ts2961-x12tpc Ts2966-x12tpe Ts2966-x12tvpe Ts4441-x36re Ts4441-x36rpe Ts4466-rfivpg1 Ts4466-x4ripg1 Ts4466-x4rivpg1 Ts4466-x4riwg1 Ts4466-x4rpe Ts4466-x4rvpe Ts4466-x4rwe Ts5366-x12pe Ts5366-x12ripg1 Ts5366-x12vpe Ts5510-gh Ts5510-gvh Ts5511-gvh Ts8266-fpc/p Ts8266-rfivpg1 Ts8266-x4pe Ts8266-x4ripg1 Ts8266-x4rivpg1 Ts8266-x4riwg1 Ts8266-x4vpe Ts8266-x4we
cve-icon MITRE

Status: PUBLISHED

Assigner: icscert

Published:

Updated: 2026-04-28T14:35:33.191Z

Reserved: 2026-03-12T17:51:09.913Z

Link: CVE-2026-28747

cve-icon Vulnrichment

Updated: 2026-04-28T13:41:06.405Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-04-27T23:16:02.820

Modified: 2026-04-28T20:11:56.713

Link: CVE-2026-28747

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-28T23:30:06Z

Weaknesses