Milesight
Products
2- 6 CVEs
- 4 CVEs
Recent CVEs
10| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-32644 | Cri | 0.64 | 9.8 | 0.00 | Apr 28, 2026 | Specific firmware versions of Milesight AIOT cameras use SSL certificates with default private keys. | |
| CVE-2026-20766 | Hig | 0.57 | 8.8 | 0.00 | Apr 28, 2026 | An out-of-bounds memory access vulnerability exists in specific firmware versions of Milesight AIOT cameras. | |
| CVE-2026-27785 | Hig | 0.57 | 8.8 | 0.00 | Apr 28, 2026 | Specific firmware versions of Milesight AIOT camera firmware contain hard-coded credentials. | |
| CVE-2026-32649 | Med | 0.44 | 6.8 | 0.00 | Apr 28, 2026 | A command injection vulnerability exists in the web server of specific firmware versions of Milesight cameras. | |
| CVE-2024-36392 | 0.00 | — | 0.00 | Jun 2, 2024 | MileSight DeviceHub - CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | ||
| CVE-2024-36391 | 0.00 | — | 0.00 | Jun 2, 2024 | MileSight DeviceHub - CWE-320: Key Management Errors may allow Authentication Bypass and Man-In-The-Middle Traffic | ||
| CVE-2024-36390 | 0.00 | — | 0.00 | Jun 2, 2024 | MileSight DeviceHub - CWE-20 Improper Input Validation may allow Denial of Service | ||
| CVE-2024-36389 | 0.00 | — | 0.00 | Jun 2, 2024 | MileSight DeviceHub - CWE-330 Use of Insufficiently Random Values may allow Authentication Bypass | ||
| CVE-2024-36388 | 0.00 | — | 0.00 | Jun 2, 2024 | MileSight DeviceHub - CWE-305 Missing Authentication for Critical Function | ||
| CVE-2024-27776 | 0.00 | — | 0.01 | Jun 2, 2024 | MileSight DeviceHub - CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') may allow Unauthenticated RCE |
- risk 0.64cvss 9.8epss 0.00
Specific firmware versions of Milesight AIOT cameras use SSL certificates with default private keys.
- risk 0.57cvss 8.8epss 0.00
An out-of-bounds memory access vulnerability exists in specific firmware versions of Milesight AIOT cameras.
- risk 0.57cvss 8.8epss 0.00
Specific firmware versions of Milesight AIOT camera firmware contain hard-coded credentials.
- risk 0.44cvss 6.8epss 0.00
A command injection vulnerability exists in the web server of specific firmware versions of Milesight cameras.
- CVE-2024-36392Jun 2, 2024risk 0.00cvss —epss 0.00
MileSight DeviceHub - CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
- CVE-2024-36391Jun 2, 2024risk 0.00cvss —epss 0.00
MileSight DeviceHub - CWE-320: Key Management Errors may allow Authentication Bypass and Man-In-The-Middle Traffic
- CVE-2024-36390Jun 2, 2024risk 0.00cvss —epss 0.00
MileSight DeviceHub - CWE-20 Improper Input Validation may allow Denial of Service
- CVE-2024-36389Jun 2, 2024risk 0.00cvss —epss 0.00
MileSight DeviceHub - CWE-330 Use of Insufficiently Random Values may allow Authentication Bypass
- CVE-2024-36388Jun 2, 2024risk 0.00cvss —epss 0.00
MileSight DeviceHub - CWE-305 Missing Authentication for Critical Function
- CVE-2024-27776Jun 2, 2024risk 0.00cvss —epss 0.01
MileSight DeviceHub - CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') may allow Unauthenticated RCE