Description
A command injection vulnerability exists in the web server of specific firmware versions of Milesight cameras.
Published: 2026-04-27
Score: 7.3 High
EPSS: < 1% Very Low
KEV: No
Impact: Remote Command Execution
Action: Patch Immediately
AI Analysis

Impact

A command injection flaw exists in the web server of specific Milesight camera firmware versions, allowing an attacker to inject and execute arbitrary operating‑system commands on the affected device. The vulnerability is classified as CWE‑78, and its exploitation could grant full remote control of the camera, potentially leading to data modification, device reset, or denial of service. The CVSS score of 7.3 indicates a high severity level, underscoring the seriousness of the flaw.

Affected Systems

The flaw affects a broad range of Milesight camera models, including the MS‑C series such as MS‑C2964‑RFLPC, MS‑C2966‑RFLWPC, MS‑C2966‑X12RLPC, MS‑C2966‑X12RLVPC, MS‑C2972‑RFLPC, MS‑C5321‑FPE, MS‑C5361‑X12LPC, MS‑C5366‑X12LPC, and MS‑C5366‑X12LVPC. In addition, many TS, TS4x, TS5x, and TS8x models such as TS2866‑X4TPC, TS2867‑X5TPC, TS2961‑X12TPC, TS8266‑X4RIPG1, TS8266‑X4RIVPG1, TS8266‑X4RIWG1, and TS8266‑X4WE are listed as vulnerable. Firmware versions ranging from 45.8.0.3‑r10 up to 63.8.0.5‑r4 (and intermediate revisions) are reported as affected, with vendor–specific upgrade paths documented.

Risk and Exploitability

The CVSS score of 7.3 indicates high severity, while the EPSS score of <1% suggests that exploitation is currently limited. However, the flaw is likely to be exploited via a network‑based attack against the device’s web interface; an attacker can send a crafted HTTP request to trigger the command injection without needing prior authentication, especially if the device is exposed or has weak credentials. Given the widespread distribution of affected models and the straightforward nature of the exploit, the overall risk is considered moderate to high until mitigated.

Generated by OpenCVE AI on April 29, 2026 at 01:32 UTC.

Remediation

Vendor Solution

Milesight advises all users to update their device to the latest firmware versions of PE/PC/PA found at https://www.milesight.com/support/download/firmware.  https://www.milesight.com/support/download/firmware MS-Cxx63-PD: Update to 51.7.0.77-r13 MS-Cxx64-xPD: Update to 51.7.0.77-r13 MS-Cxx73-xPD: Update to 51.7.0.77-r13 MS-Cxx75-xxPD: Update to 51.7.0.77-r13 MS-Cxx83-xPD: Update to 51.7.0.77-r13 MS-Cxx74-PA: Update to 3x.8.0.3-r13 MS-C8477-HPG1: Update to 63.8.0.4-r4  MS-C8477-PC: Update to 48.8.0.4-r4 MS-C5321-FPE: Update to 62.8.0.4-r6 MS-Cxx72-xxxPE: Update to 61.8.0.5-r2 MS-Cxx62-xxxPE: Update to 61.8.0.5-r2 MS-Cxx52-xxxPE: Update to 61.8.0.5-r2 MS-Cxx66-xxxPE: Update to 61.8.0.5-r2 MS-Cxx66-xxxGPE: Update to 61.8.0.5-r2 MS-Cxx61-xxxPE: Update to 61.8.0.5-r2 MS-Cxx67-xxxPE: Update to 61.8.0.5-r2 MS-Cxx71-xxxPE: Update to 61.8.0.5-r2 MS-Cxx41-xxxPE: Update to 61.8.0.5-r2 MS-Cxx76-PE: Update to 61.8.0.5-r2 MS-Cxx65-PE: Update to 61.8.0.5-r2 MS-Cxx66-xxxG1: Update to 63.8.0.5-r4 MS-Cxx62-xxxG1: Update to 63.8.0.5-r4 MS-Cxx72-xxxG1: Update to 63.8.0.5-r4 MS-CQxx31-xxxG1: Update to CQ_63.8.0.5-r2  MS-CQxx68-xxxG1: Update to CQ_63.8.0.5-r2 MS-CQxx72-xxxG1: Update to CQ_63.8.0.5-r2 MS-Nxxxx-NxE: Update to 7x.9.0.19-r6 MS-Nxxxx-xxC: Update to 7x.9.0.19-r6 MS-Nxxxx-xxE: Update to 7x.9.0.19-r6 MS-Nxxxx-xxG: Update to 7x.9.0.19-r6 MS-Nxxxx-xxH: Update to 7x.9.0.19-r6 MS-Nxxxx-xxT: Update to 7x.9.0.19-r6 PMC8266-FPE: Update to PO_61.8.0.4-r1 PMC8266-FGPE: Update to PO_61.8.0.4-r1 PM3322-E: Update to PI_61.8.0.3-r5 TS4466-X4RIPG1: Update to T_63.8.0.4-r4  TS5366-X12RIPG1: Update to T_63.8.0.4-r4 TS8266-X4RIPG1: Update to T_63.8.0.4-r4 TS4466-X4RIVPG1: Update to T_63.8.0.4-r4 TS4466-RFIVPG1: Update to T_63.8.0.4-r4 TS8266-X4RIVPG1: Update to T_63.8.0.4-r4 TS8266-RFIVPG1: Update to T_63.8.0.4-r4 TS4466-X4RIWG1: Update to T_63.8.0.4-r4 TS8266-X4RIWG1: Update to T_63.8.0.4-r4 TS5510-GVH: Update to T_47.8.0.4-r8 TS5510-GH: Update to T_47.8.0.4-r8 TS5511-GVH: Update to T_47.8.0.4-r8 TS2966-X12TPE: Update to T_61.8.0.4-r4 TS4466-X4RPE: Update to T_61.8.0.4-r4 TS5366-X12PE: Update to T_61.8.0.4-r4 TS8266-X4PE: Update to T_61.8.0.4-r4 TS2966-X12TVPE: Update to T_61.8.0.4-r4 TS4466-X4RVPE: Update to T_61.8.0.4-r4 TS5366-X12VPE: Update to T_61.8.0.4-r4 TS8266-X4VPE: Update to T_61.8.0.4-r4 TS4441-X36RPE: Update to T_61.8.0.4-r4 TS4441-X36RE: Update to T_61.8.0.4-r4 TS4466-X4RWE: Update to T_61.8.0.4-r4 TS8266-X4WE: Update to T_61.8.0.4-r4 MS-C2964-RFLPC: Update to T_45.8.0.3-r10 MS-C2972-RFLPC: Update to T_45.8.0.3-r10 MS-C2966-RFLWPC: Update to T_45.8.0.3-r10 TS2866-X4TPC: Update to T_45.8.0.3-r10 TS2866-X4TVPC: Update to T_45.8.0.3-r10 TS2866-X4TGPC: Update to T_45.8.0.3-r10 TS2841-X36TPC: Update to T_45.8.0.3-r10 TS2841-X36TPC/W: Update to T_45.8.0.3-r10 TS2867-X5TPC: Update to T_45.8.0.3-r10 TS2961-X12TPC: Update to T_45.8.0.3-r10 TS8266-FPC/P: Update to T_45.8.0.3-r10 MS-C2966-X12RLPC: Update to T_45.8.0.3-r10 MS-C2966-X12RLVPC: Update to T_45.8.0.3-r10 MS-C5366-X12LPC: Update to T_45.8.0.3-r10 MS-C5366-X12LVPC: Update to T_45.8.0.3-r10 MS-C5361-X12LPC: Update to T_45.8.0.3-r10 MS-Cxx66-xxxxGOPC: Update to 45.8.0.2-AIoT-r5 SC211: Update to C_21.1.0.8-r5 SP111: Update to 52.8.0.4-r6 MS-Cxx66-RFIPKG1: Update to 63.8.0.5-r2-NX MS-Cxx72-RFIPKG1: Update to 63.8.0.5-r2-NX MS-Cxx66-FIPKG1: Update to 63.8.0.5-r2-NX MS-Cxx72-FIPKG1: Update to 63.8.0.5-r2-NX

OpenCVE Recommended Actions

  • Identify the camera model and its current firmware version.
  • Download the correct firmware for that specific model from https://www.milesight.com/support/download/firmware, using the update path listed by the vendor.
  • Install the firmware update following Milesight’s upgrade instructions; this removes the vulnerable command‑injection path.
  • As a temporary safeguard, block the camera’s web interface from external networks until the firmware is updated.
  • Consider restricting management access or changing default credentials to limit potential attackers’ reach.

Generated by OpenCVE AI on April 29, 2026 at 01:32 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 28 Apr 2026 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Tue, 28 Apr 2026 09:45:00 +0000

Type Values Removed Values Added
First Time appeared Milesight
Milesight ms-c2964-rflpc
Milesight ms-c2966-rflwpc
Milesight ms-c2966-x12rlpc
Milesight ms-c2966-x12rlvpc
Milesight ms-c2972-rflpc
Milesight ms-c5321-fpe
Milesight ms-c5361-x12lpc
Milesight ms-c5366-x12lpc
Milesight ms-c5366-x12lvpc
Milesight ms-c8477-hpg1
Milesight ms-c8477-pc
Milesight ms-cqxx31-xxxg1
Milesight ms-cqxx68-xxxg1
Milesight ms-cqxx72-xxxg1
Milesight ms-cxx41-xxxpe
Milesight ms-cxx52-xxxpe
Milesight ms-cxx61-xxxpe
Milesight ms-cxx62-xxxg1
Milesight ms-cxx62-xxxpe
Milesight ms-cxx63-pd
Milesight ms-cxx64-xpd
Milesight ms-cxx65-pe
Milesight ms-cxx66-fipkg1
Milesight ms-cxx66-rfipkg1
Milesight ms-cxx66-xxxg1
Milesight ms-cxx66-xxxgpe
Milesight ms-cxx66-xxxpe
Milesight ms-cxx66-xxxxgopc
Milesight ms-cxx67-xxxpe
Milesight ms-cxx71-xxxpe
Milesight ms-cxx72-fipkg1
Milesight ms-cxx72-rfipkg1
Milesight ms-cxx72-xxxg1
Milesight ms-cxx72-xxxpe
Milesight ms-cxx73-xpd
Milesight ms-cxx74-pa
Milesight ms-cxx75-xxpd
Milesight ms-cxx76-pe
Milesight ms-cxx83-xpd
Milesight ms-nxxxx-nxe
Milesight ms-nxxxx-xxc
Milesight ms-nxxxx-xxe
Milesight ms-nxxxx-xxg
Milesight ms-nxxxx-xxh
Milesight ms-nxxxx-xxt
Milesight pm3322-e
Milesight pmc8266-fgpe
Milesight pmc8266-fpe
Milesight sc211
Milesight sp111
Milesight ts2841-x36tpc
Milesight ts2841-x36tpc/w
Milesight ts2866-x4tgpc
Milesight ts2866-x4tpc
Milesight ts2866-x4tvpc
Milesight ts2867-x5tpc
Milesight ts2961-x12tpc
Milesight ts2966-x12tpe
Milesight ts2966-x12tvpe
Milesight ts4441-x36re
Milesight ts4441-x36rpe
Milesight ts4466-rfivpg1
Milesight ts4466-x4ripg1
Milesight ts4466-x4rivpg1
Milesight ts4466-x4riwg1
Milesight ts4466-x4rpe
Milesight ts4466-x4rvpe
Milesight ts4466-x4rwe
Milesight ts5366-x12pe
Milesight ts5366-x12ripg1
Milesight ts5366-x12vpe
Milesight ts5510-gh
Milesight ts5510-gvh
Milesight ts5511-gvh
Milesight ts8266-fpc/p
Milesight ts8266-rfivpg1
Milesight ts8266-x4pe
Milesight ts8266-x4ripg1
Milesight ts8266-x4rivpg1
Milesight ts8266-x4riwg1
Milesight ts8266-x4vpe
Milesight ts8266-x4we
Vendors & Products Milesight
Milesight ms-c2964-rflpc
Milesight ms-c2966-rflwpc
Milesight ms-c2966-x12rlpc
Milesight ms-c2966-x12rlvpc
Milesight ms-c2972-rflpc
Milesight ms-c5321-fpe
Milesight ms-c5361-x12lpc
Milesight ms-c5366-x12lpc
Milesight ms-c5366-x12lvpc
Milesight ms-c8477-hpg1
Milesight ms-c8477-pc
Milesight ms-cqxx31-xxxg1
Milesight ms-cqxx68-xxxg1
Milesight ms-cqxx72-xxxg1
Milesight ms-cxx41-xxxpe
Milesight ms-cxx52-xxxpe
Milesight ms-cxx61-xxxpe
Milesight ms-cxx62-xxxg1
Milesight ms-cxx62-xxxpe
Milesight ms-cxx63-pd
Milesight ms-cxx64-xpd
Milesight ms-cxx65-pe
Milesight ms-cxx66-fipkg1
Milesight ms-cxx66-rfipkg1
Milesight ms-cxx66-xxxg1
Milesight ms-cxx66-xxxgpe
Milesight ms-cxx66-xxxpe
Milesight ms-cxx66-xxxxgopc
Milesight ms-cxx67-xxxpe
Milesight ms-cxx71-xxxpe
Milesight ms-cxx72-fipkg1
Milesight ms-cxx72-rfipkg1
Milesight ms-cxx72-xxxg1
Milesight ms-cxx72-xxxpe
Milesight ms-cxx73-xpd
Milesight ms-cxx74-pa
Milesight ms-cxx75-xxpd
Milesight ms-cxx76-pe
Milesight ms-cxx83-xpd
Milesight ms-nxxxx-nxe
Milesight ms-nxxxx-xxc
Milesight ms-nxxxx-xxe
Milesight ms-nxxxx-xxg
Milesight ms-nxxxx-xxh
Milesight ms-nxxxx-xxt
Milesight pm3322-e
Milesight pmc8266-fgpe
Milesight pmc8266-fpe
Milesight sc211
Milesight sp111
Milesight ts2841-x36tpc
Milesight ts2841-x36tpc/w
Milesight ts2866-x4tgpc
Milesight ts2866-x4tpc
Milesight ts2866-x4tvpc
Milesight ts2867-x5tpc
Milesight ts2961-x12tpc
Milesight ts2966-x12tpe
Milesight ts2966-x12tvpe
Milesight ts4441-x36re
Milesight ts4441-x36rpe
Milesight ts4466-rfivpg1
Milesight ts4466-x4ripg1
Milesight ts4466-x4rivpg1
Milesight ts4466-x4riwg1
Milesight ts4466-x4rpe
Milesight ts4466-x4rvpe
Milesight ts4466-x4rwe
Milesight ts5366-x12pe
Milesight ts5366-x12ripg1
Milesight ts5366-x12vpe
Milesight ts5510-gh
Milesight ts5510-gvh
Milesight ts5511-gvh
Milesight ts8266-fpc/p
Milesight ts8266-rfivpg1
Milesight ts8266-x4pe
Milesight ts8266-x4ripg1
Milesight ts8266-x4rivpg1
Milesight ts8266-x4riwg1
Milesight ts8266-x4vpe
Milesight ts8266-x4we

Tue, 28 Apr 2026 01:15:00 +0000

Type Values Removed Values Added
Description A command injection vulnerability exists in the web server of specific firmware versions of Milesight cameras.
Title Milesight Cameras OS Command Injection
Weaknesses CWE-78
References
Metrics cvssV3_1

{'score': 6.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H'}

cvssV4_0

{'score': 7.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Milesight Ms-c2964-rflpc Ms-c2966-rflwpc Ms-c2966-x12rlpc Ms-c2966-x12rlvpc Ms-c2972-rflpc Ms-c5321-fpe Ms-c5361-x12lpc Ms-c5366-x12lpc Ms-c5366-x12lvpc Ms-c8477-hpg1 Ms-c8477-pc Ms-cqxx31-xxxg1 Ms-cqxx68-xxxg1 Ms-cqxx72-xxxg1 Ms-cxx41-xxxpe Ms-cxx52-xxxpe Ms-cxx61-xxxpe Ms-cxx62-xxxg1 Ms-cxx62-xxxpe Ms-cxx63-pd Ms-cxx64-xpd Ms-cxx65-pe Ms-cxx66-fipkg1 Ms-cxx66-rfipkg1 Ms-cxx66-xxxg1 Ms-cxx66-xxxgpe Ms-cxx66-xxxpe Ms-cxx66-xxxxgopc Ms-cxx67-xxxpe Ms-cxx71-xxxpe Ms-cxx72-fipkg1 Ms-cxx72-rfipkg1 Ms-cxx72-xxxg1 Ms-cxx72-xxxpe Ms-cxx73-xpd Ms-cxx74-pa Ms-cxx75-xxpd Ms-cxx76-pe Ms-cxx83-xpd Ms-nxxxx-nxe Ms-nxxxx-xxc Ms-nxxxx-xxe Ms-nxxxx-xxg Ms-nxxxx-xxh Ms-nxxxx-xxt Pm3322-e Pmc8266-fgpe Pmc8266-fpe Sc211 Sp111 Ts2841-x36tpc Ts2841-x36tpc/w Ts2866-x4tgpc Ts2866-x4tpc Ts2866-x4tvpc Ts2867-x5tpc Ts2961-x12tpc Ts2966-x12tpe Ts2966-x12tvpe Ts4441-x36re Ts4441-x36rpe Ts4466-rfivpg1 Ts4466-x4ripg1 Ts4466-x4rivpg1 Ts4466-x4riwg1 Ts4466-x4rpe Ts4466-x4rvpe Ts4466-x4rwe Ts5366-x12pe Ts5366-x12ripg1 Ts5366-x12vpe Ts5510-gh Ts5510-gvh Ts5511-gvh Ts8266-fpc/p Ts8266-rfivpg1 Ts8266-x4pe Ts8266-x4ripg1 Ts8266-x4rivpg1 Ts8266-x4riwg1 Ts8266-x4vpe Ts8266-x4we
cve-icon MITRE

Status: PUBLISHED

Assigner: icscert

Published:

Updated: 2026-04-28T14:42:37.926Z

Reserved: 2026-03-12T17:51:09.881Z

Link: CVE-2026-32649

cve-icon Vulnrichment

Updated: 2026-04-28T14:42:31.483Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-04-28T01:16:00.947

Modified: 2026-04-28T20:11:56.713

Link: CVE-2026-32649

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-29T01:45:25Z

Weaknesses