Description
Specific firmware versions of Milesight AIOT cameras use SSL certificates with default private keys.
Published: 2026-04-27
Score: 9.2 Critical
EPSS: < 1% Very Low
KEV: No
Impact: Potential device impersonation and traffic interception
Action: Immediate Patch
AI Analysis

Impact

Affected Milesight firmware versions use hard-coded SSL private keys. This weakness could allow an attacker to intercept or forge traffic, potentially accessing video streams or sensitive data. The vulnerability has a CVSS score of 9.2.

Affected Systems

All Milesight AIOT camera models listed in the CNA vendor list are affected, including models such as MS-C2964, MS-C2966, and TS-8266. Each product requires the firmware updates specified by the vendor to replace the default key with a secure, individualized certificate.

Risk and Exploitability

The CVSS score of 9.2 marks this flaw as critical, yet the EPSS score of <1% indicates a very low but nonzero probability of exploitation. Attackers could leverage the exposed default key by performing a man‑in‑the‑middle or impersonation attack over the HTTPS channel used by the devices. The vulnerability is not listed in the CISA KEV catalog.

Generated by OpenCVE AI on April 29, 2026 at 01:33 UTC.

Remediation

Vendor Solution

Milesight advises all users to update their device to the latest firmware versions of PE/PC/PA found at https://www.milesight.com/support/download/firmware.

  • MS-Cxx63-PD: Update to 51.7.0.77-r13
  • MS-Cxx64-xPD: Update to 51.7.0.77-r13
  • MS-Cxx73-xPD: Update to 51.7.0.77-r13
  • MS-Cxx75-xxPD: Update to 51.7.0.77-r13
  • MS-Cxx83-xPD: Update to 51.7.0.77-r13
  • MS-Cxx74-PA: Update to 3x.8.0.3-r13
  • MS-C8477-HPG1: Update to 63.8.0.4-r4
  • MS-C8477-PC: Update to 48.8.0.4-r4
  • MS-C5321-FPE: Update to 62.8.0.4-r6
  • MS-Cxx72-xxxPE: Update to 61.8.0.5-r2
  • MS-Cxx62-xxxPE: Update to 61.8.0.5-r2
  • MS-Cxx52-xxxPE: Update to 61.8.0.5-r2
  • MS-Cxx66-xxxPE: Update to 61.8.0.5-r2
  • MS-Cxx66-xxxGPE: Update to 61.8.0.5-r2
  • MS-Cxx61-xxxPE: Update to 61.8.0.5-r2
  • MS-Cxx67-xxxPE: Update to 61.8.0.5-r2
  • MS-Cxx71-xxxPE: Update to 61.8.0.5-r2
  • MS-Cxx41-xxxPE: Update to 61.8.0.5-r2
  • MS-Cxx76-PE: Update to 61.8.0.5-r2
  • MS-Cxx65-PE: Update to 61.8.0.5-r2
  • MS-Cxx66-xxxG1: Update to 63.8.0.5-r4
  • MS-Cxx62-xxxG1: Update to 63.8.0.5-r4
  • MS-Cxx72-xxxG1: Update to 63.8.0.5-r4
  • MS-CQxx31-xxxG1: Update to CQ_63.8.0.5-r2
  • MS-CQxx68-xxxG1: Update to CQ_63.8.0.5-r2
  • MS-CQxx72-xxxG1: Update to CQ_63.8.0.5-r2
  • MS-Nxxxx-NxE: Update to 7x.9.0.19-r6
  • MS-Nxxxx-xxC: Update to 7x.9.0.19-r6
  • MS-Nxxxx-xxE: Update to 7x.9.0.19-r6
  • MS-Nxxxx-xxG: Update to 7x.9.0.19-r6
  • MS-Nxxxx-xxH: Update to 7x.9.0.19-r6
  • MS-Nxxxx-xxT: Update to 7x.9.0.19-r6
  • PMC8266-FPE: Update to PO_61.8.0.4-r1
  • PMC8266-FGPE: Update to PO_61.8.0.4-r1
  • PM3322-E: Update to PI_61.8.0.3-r5
  • TS4466-X4RIPG1: Update to T_63.8.0.4-r4
  • TS5366-X12RIPG1: Update to T_63.8.0.4-r4
  • TS8266-X4RIPG1: Update to T_63.8.0.4-r4
  • TS4466-X4RIVPG1: Update to T_63.8.0.4-r4
  • TS4466-RFIVPG1: Update to T_63.8.0.4-r4
  • TS8266-X4RIVPG1: Update to T_63.8.0.4-r4
  • TS8266-RFIVPG1: Update to T_63.8.0.4-r4
  • TS4466-X4RIWG1: Update to T_63.8.0.4-r4
  • TS8266-X4RIWG1: Update to T_63.8.0.4-r4
  • TS5510-GVH: Update to T_47.8.0.4-r8
  • TS5510-GH: Update to T_47.8.0.4-r8
  • TS5511-GVH: Update to T_47.8.0.4-r8
  • TS2966-X12TPE: Update to T_61.8.0.4-r4
  • TS4466-X4RPE: Update to T_61.8.0.4-r4
  • TS5366-X12PE: Update to T_61.8.0.4-r4
  • TS8266-X4PE: Update to T_61.8.0.4-r4
  • TS2966-X12TVPE: Update to T_61.8.0.4-r4
  • TS4466-X4RVPE: Update to T_61.8.0.4-r4
  • TS5366-X12VPE: Update to T_61.8.0.4-r4
  • TS8266-X4VPE: Update to T_61.8.0.4-r4
  • TS4441-X36RPE: Update to T_61.8.0.4-r4
  • TS4441-X36RE: Update to T_61.8.0.4-r4
  • TS4466-X4RWE: Update to T_61.8.0.4-r4
  • TS8266-X4WE: Update to T_61.8.0.4-r4
  • MS-C2964-RFLPC: Update to T_45.8.0.3-r10
  • MS-C2972-RFLPC: Update to T_45.8.0.3-r10
  • MS-C2966-RFLWPC: Update to T_45.8.0.3-r10
  • TS2866-X4TPC: Update to T_45.8.0.3-r10
  • TS2866-X4TVPC: Update to T_45.8.0.3-r10
  • TS2866-X4TGPC: Update to T_45.8.0.3-r10
  • TS2841-X36TPC: Update to T_45.8.0.3-r10
  • TS2841-X36TPC/W: Update to T_45.8.0.3-r10
  • TS2867-X5TPC: Update to T_45.8.0.3-r10
  • TS2961-X12TPC: Update to T_45.8.0.3-r10
  • TS8266-FPC/P: Update to T_45.8.0.3-r10
  • MS-C2966-X12RLPC: Update to T_45.8.0.3-r10
  • MS-C2966-X12RLVPC: Update to T_45.8.0.3-r10
  • MS-C5366-X12LPC: Update to T_45.8.0.3-r10
  • MS-C5366-X12LVPC: Update to T_45.8.0.3-r10
  • MS-C5361-X12LPC: Update to T_45.8.0.3-r10
  • MS-Cxx66-xxxxGOPC: Update to 45.8.0.2-AIoT-r5
  • SC211: Update to C_21.1.0.8-r5
  • SP111: Update to 52.8.0.4-r6
  • MS-Cxx66-RFIPKG1: Update to 63.8.0.5-r2-NX
  • MS-Cxx72-RFIPKG1: Update to 63.8.0.5-r2-NX
  • MS-Cxx66-FIPKG1: Update to 63.8.0.5-r2-NX
  • MS-Cxx72-FIPKG1: Update to 63.8.0.5-r2-NX


OpenCVE Recommended Actions

  • Apply the vendor‑supplied firmware update to every affected Milesight camera model as enumerated in the solution list.
  • Limit device network exposure by configuring firewall rules or network segmentation to allow the camera’s ports only from trusted management IP addresses or subnets; this provides a temporary workaround until the patch is applied.
  • Enable monitoring of TLS handshake and certificate fingerprints to detect any abnormal or duplicate certificates, and set alerts for anomalous traffic that may indicate unauthorized interception.
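
One way to implement the fingerprint monitoring in the last action, as an added example that is not OpenCVE or Milesight code. It assumes handshake observations are already collected as text lines (the line format, IP addresses and fingerprints below are constructed), and that devices sharing the default key also serve an identical leaf certificate.

```python
import re
from collections import defaultdict

# Constructed SHA-256 certificate fingerprints (hex); not taken from any real device.
FP_SHARED, FP_UNIQUE, FP_NEW = "ab" * 32, "c4" * 32, "5e" * 32

# Constructed observations: "<UTC timestamp> <camera IP> <leaf-cert SHA-256>".
SAMPLE = f"""\
2026-04-29T08:00:00Z 10.20.0.11 {FP_SHARED}
2026-04-29T08:00:05Z 10.20.0.12 {FP_SHARED}
2026-04-29T08:01:00Z 10.20.0.13 {FP_UNIQUE}
2026-04-29T09:30:00Z 10.20.0.11 {FP_NEW}
2026-04-29T09:31:00Z 10.20.0.14 not-a-fingerprint
2026-04-29T10:00:00Z 10.20.0.12 {FP_SHARED}
"""

LINE = re.compile(r"^(\S+)\s+(\S+)\s+([0-9a-fA-F]{64})$")

def parse_observations(text):
    """Return (timestamp, ip, fingerprint) tuples in time order; skip malformed lines."""
    rows = []
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            rows.append((m.group(1), m.group(2), m.group(3).lower()))
    return sorted(rows)  # same-format UTC timestamps sort chronologically

def shared_fingerprints(rows):
    """Fingerprints served by more than one device, as a shared default certificate would be."""
    seen = defaultdict(set)
    for _, ip, fp in rows:
        seen[fp].add(ip)
    return {fp: sorted(ips) for fp, ips in seen.items() if len(ips) > 1}

def fingerprint_changes(rows):
    """Devices whose certificate changed between observations (rotation after patching, or interception)."""
    last, changes = {}, []
    for ts, ip, fp in rows:
        if ip in last and last[ip] != fp:
            changes.append((ts, ip, last[ip], fp))
        last[ip] = fp
    return changes

if __name__ == "__main__":
    rows = parse_observations(SAMPLE)
    for fp, ips in shared_fingerprints(rows).items():
        print(f"ALERT shared certificate {fp[:16]}... on {', '.join(ips)}")
    for ts, ip, old, new in fingerprint_changes(rows):
        print(f"ALERT {ip} certificate changed at {ts}: {old[:16]}... -> {new[:16]}...")
```

A change alert on a device that was just updated is expected once; record the new fingerprint as that device's baseline and treat any later change as anomalous.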



Advisories

No advisories yet.

History

Tue, 28 Apr 2026 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Tue, 28 Apr 2026 09:45:00 +0000

Type Values Removed Values Added
First Time appeared Milesight
Milesight ms-c2964-rflpc
Milesight ms-c2966-rflwpc
Milesight ms-c2966-x12rlpc
Milesight ms-c2966-x12rlvpc
Milesight ms-c2972-rflpc
Milesight ms-c5321-fpe
Milesight ms-c5361-x12lpc
Milesight ms-c5366-x12lpc
Milesight ms-c5366-x12lvpc
Milesight ms-c8477-hpg1
Milesight ms-c8477-pc
Milesight ms-cqxx31-xxxg1
Milesight ms-cqxx68-xxxg1
Milesight ms-cqxx72-xxxg1
Milesight ms-cxx41-xxxpe
Milesight ms-cxx52-xxxpe
Milesight ms-cxx61-xxxpe
Milesight ms-cxx62-xxxg1
Milesight ms-cxx62-xxxpe
Milesight ms-cxx63-pd
Milesight ms-cxx64-xpd
Milesight ms-cxx65-pe
Milesight ms-cxx66-fipkg1
Milesight ms-cxx66-rfipkg1
Milesight ms-cxx66-xxxg1
Milesight ms-cxx66-xxxgpe
Milesight ms-cxx66-xxxpe
Milesight ms-cxx66-xxxxgopc
Milesight ms-cxx67-xxxpe
Milesight ms-cxx71-xxxpe
Milesight ms-cxx72-fipkg1
Milesight ms-cxx72-rfipkg1
Milesight ms-cxx72-xxxg1
Milesight ms-cxx72-xxxpe
Milesight ms-cxx73-xpd
Milesight ms-cxx74-pa
Milesight ms-cxx75-xxpd
Milesight ms-cxx76-pe
Milesight ms-cxx83-xpd
Milesight ms-nxxxx-nxe
Milesight ms-nxxxx-xxc
Milesight ms-nxxxx-xxe
Milesight ms-nxxxx-xxg
Milesight ms-nxxxx-xxh
Milesight ms-nxxxx-xxt
Milesight pm3322-e
Milesight pmc8266-fgpe
Milesight pmc8266-fpe
Milesight sc211
Milesight sp111
Milesight ts2841-x36tpc
Milesight ts2841-x36tpc/w
Milesight ts2866-x4tgpc
Milesight ts2866-x4tpc
Milesight ts2866-x4tvpc
Milesight ts2867-x5tpc
Milesight ts2961-x12tpc
Milesight ts2966-x12tpe
Milesight ts2966-x12tvpe
Milesight ts4441-x36re
Milesight ts4441-x36rpe
Milesight ts4466-rfivpg1
Milesight ts4466-x4ripg1
Milesight ts4466-x4rivpg1
Milesight ts4466-x4riwg1
Milesight ts4466-x4rpe
Milesight ts4466-x4rvpe
Milesight ts4466-x4rwe
Milesight ts5366-x12pe
Milesight ts5366-x12ripg1
Milesight ts5366-x12vpe
Milesight ts5510-gh
Milesight ts5510-gvh
Milesight ts5511-gvh
Milesight ts8266-fpc/p
Milesight ts8266-rfivpg1
Milesight ts8266-x4pe
Milesight ts8266-x4ripg1
Milesight ts8266-x4rivpg1
Milesight ts8266-x4riwg1
Milesight ts8266-x4vpe
Milesight ts8266-x4we
Vendors & Products Milesight, followed by the same product list as "First Time appeared" above.

Tue, 28 Apr 2026 01:15:00 +0000

Type Values Removed Values Added
Description Specific firmware versions of Milesight AIOT cameras use SSL certificates with default private keys.
Title Milesight Cameras Use of Hard-coded Cryptographic Key
Weaknesses CWE-321
References
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

cvssV4_0

{'score': 9.2, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: icscert

Published:

Updated: 2026-04-28T14:45:19.107Z

Reserved: 2026-03-12T17:51:09.896Z

Link: CVE-2026-32644

Vulnrichment

Updated: 2026-04-28T14:45:14.499Z

NVD

Status: Awaiting Analysis

Published: 2026-04-28T01:16:00.600

Modified: 2026-04-28T20:11:56.713

Link: CVE-2026-32644

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-29T01:45:26Z

Weaknesses