Milesight
Products
13- 66 CVEs
- 6 CVEs
- 6 CVEs
- 5 CVEs
- 4 CVEs
- 3 CVEs
- 2 CVEs
- 2 CVEs
- 2 CVEs
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
Recent CVEs
94| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-36388 | Cri | 0.65 | 10.0 | 0.00 | Jun 2, 2024 | MileSight DeviceHub - CWE-305 Missing Authentication for Critical Function | ||
| CVE-2026-32644 | Cri | 0.64 | 9.8 | 0.00 | Apr 28, 2026 | Specific firmware versions of Milesight AIOT cameras use SSL certificates with default private keys. | ||
| CVE-2024-36389 | Cri | 0.64 | 9.8 | 0.01 | Jun 2, 2024 | MileSight DeviceHub - CWE-330 Use of Insufficiently Random Values may allow Authentication Bypass | ||
| CVE-2024-27776 | Cri | 0.64 | 9.8 | 0.01 | Jun 2, 2024 | MileSight DeviceHub - CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') may allow Unauthenticated RCE | ||
| CVE-2023-23902 | Cri | 0.64 | 9.8 | 0.02 | Jul 6, 2023 | A buffer overflow vulnerability exists in the uhttpd login functionality of Milesight UR32L v32.3.0.5. A specially crafted network request can lead to remote code execution. An attacker can send a network request to trigger this vulnerability. | ||
| CVE-2023-30466 | Cri | 0.64 | 9.8 | 0.01 | Apr 28, 2023 | This vulnerability exists in Milesight 4K/H.265 Series NVR models (MS-Nxxxx-xxG, MS-Nxxxx-xxE, MS-Nxxxx-xxT, MS-Nxxxx-xxH and MS-Nxxxx-xxC), due to a weak password reset mechanism at the Milesight NVR web-based management interface. A remote attacker could exploit this… | ||
| CVE-2016-2360 | Cri | 0.64 | 9.8 | 0.02 | Oct 25, 2019 | Milesight IP security cameras through 2016-11-14 have a default root password in /etc/shadow that is the same across different customers' installations. | ||
| CVE-2016-2359 | Cri | 0.64 | 9.8 | 0.03 | Oct 25, 2019 | Milesight IP security cameras through 2016-11-14 allow remote attackers to bypass authentication and access a protected resource by simultaneously making a request for the unprotected vb.htm resource. | ||
| CVE-2016-2358 | Cri | 0.64 | 9.8 | 0.02 | Oct 25, 2019 | Milesight IP security cameras through 2016-11-14 have a default set of 10 privileged accounts with hardcoded credentials. They are accessible if the customer has not configured 10 actual user accounts. | ||
| CVE-2016-2357 | Cri | 0.64 | 9.8 | 0.02 | Oct 25, 2019 | Milesight IP security cameras through 2016-11-14 have a hardcoded SSL private key under the /etc/config directory. | ||
| CVE-2016-2356 | Cri | 0.64 | 9.8 | 0.03 | Oct 25, 2019 | Milesight IP security cameras through 2016-11-14 have a buffer overflow in a web application via a long username or password. | ||
| CVE-2024-36391 | Cri | 0.59 | 9.1 | 0.00 | Jun 2, 2024 | MileSight DeviceHub - CWE-320: Key Management Errors may allow Authentication Bypass and Man-In-The-Middle Traffic | ||
| CVE-2023-22653 | Hig | 0.58 | 8.8 | 0.07 | Jul 6, 2023 | An OS command injection vulnerability exists in the vtysh_ubus tcpdump_start_cb functionality of Milesight UR32L v32.3.0.5. A specially crafted HTTP request can lead to command execution. An authenticated attacker can send an HTTP request to trigger this vulnerability. | ||
| CVE-2026-20766 | Hig | 0.57 | 8.8 | 0.00 | Apr 28, 2026 | An out-of-bounds memory access vulnerability exists in specific firmware versions of Milesight AIOT cameras. | ||
| CVE-2026-27785 | Hig | 0.57 | 8.8 | 0.00 | Apr 28, 2026 | Specific firmware versions of Milesight AIOT camera firmware contain hard-coded credentials. | ||
| CVE-2023-47166 | Hig | 0.57 | 8.8 | 0.01 | May 1, 2024 | A firmware update vulnerability exists in the luci2-io file-import functionality of Milesight UR32L v32.3.0.7-r2. A specially crafted network request can lead to arbitrary firmware update. An attacker can send a network request to trigger this vulnerability. | ||
| CVE-2023-24583 | Hig | 0.57 | 8.8 | 0.03 | Jul 6, 2023 | Two OS command injection vulnerabilities exist in the urvpn_client cmd_name_action functionality of Milesight UR32L v32.3.0.5. A specially crafted network request can lead to arbitrary command execution. An attacker can send a network request to trigger these… | ||
| CVE-2023-24582 | Hig | 0.57 | 8.8 | 0.03 | Jul 6, 2023 | Two OS command injection vulnerabilities exist in the urvpn_client cmd_name_action functionality of Milesight UR32L v32.3.0.5. A specially crafted network request can lead to arbitrary command execution. An attacker can send a network request to trigger these… | ||
| CVE-2023-24520 | Hig | 0.57 | 8.8 | 0.03 | Jul 6, 2023 | Two OS command injection vulnerability exist in the vtysh_ubus toolsh_excute.constprop.1 functionality of Milesight UR32L v32.3.0.5. A specially-crafted network request can lead to command execution. An attacker can send a network request to trigger these vulnerabilities.This… | ||
| CVE-2023-24519 | Hig | 0.57 | 8.8 | 0.03 | Jul 6, 2023 | Two OS command injection vulnerability exist in the vtysh_ubus toolsh_excute.constprop.1 functionality of Milesight UR32L v32.3.0.5. A specially-crafted network request can lead to command execution. An attacker can send a network request to trigger these vulnerabilities.This… |
- risk 0.65cvss 10.0epss 0.00
MileSight DeviceHub - CWE-305 Missing Authentication for Critical Function
- risk 0.64cvss 9.8epss 0.00
Specific firmware versions of Milesight AIOT cameras use SSL certificates with default private keys.
- risk 0.64cvss 9.8epss 0.01
MileSight DeviceHub - CWE-330 Use of Insufficiently Random Values may allow Authentication Bypass
- risk 0.64cvss 9.8epss 0.01
MileSight DeviceHub - CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') may allow Unauthenticated RCE
- risk 0.64cvss 9.8epss 0.02
A buffer overflow vulnerability exists in the uhttpd login functionality of Milesight UR32L v32.3.0.5. A specially crafted network request can lead to remote code execution. An attacker can send a network request to trigger this vulnerability.
- risk 0.64cvss 9.8epss 0.01
This vulnerability exists in Milesight 4K/H.265 Series NVR models (MS-Nxxxx-xxG, MS-Nxxxx-xxE, MS-Nxxxx-xxT, MS-Nxxxx-xxH and MS-Nxxxx-xxC), due to a weak password reset mechanism at the Milesight NVR web-based management interface. A remote attacker could exploit this…
- risk 0.64cvss 9.8epss 0.02
Milesight IP security cameras through 2016-11-14 have a default root password in /etc/shadow that is the same across different customers' installations.
- risk 0.64cvss 9.8epss 0.03
Milesight IP security cameras through 2016-11-14 allow remote attackers to bypass authentication and access a protected resource by simultaneously making a request for the unprotected vb.htm resource.
- risk 0.64cvss 9.8epss 0.02
Milesight IP security cameras through 2016-11-14 have a default set of 10 privileged accounts with hardcoded credentials. They are accessible if the customer has not configured 10 actual user accounts.
- risk 0.64cvss 9.8epss 0.02
Milesight IP security cameras through 2016-11-14 have a hardcoded SSL private key under the /etc/config directory.
- risk 0.64cvss 9.8epss 0.03
Milesight IP security cameras through 2016-11-14 have a buffer overflow in a web application via a long username or password.
- risk 0.59cvss 9.1epss 0.00
MileSight DeviceHub - CWE-320: Key Management Errors may allow Authentication Bypass and Man-In-The-Middle Traffic
- risk 0.58cvss 8.8epss 0.07
An OS command injection vulnerability exists in the vtysh_ubus tcpdump_start_cb functionality of Milesight UR32L v32.3.0.5. A specially crafted HTTP request can lead to command execution. An authenticated attacker can send an HTTP request to trigger this vulnerability.
- risk 0.57cvss 8.8epss 0.00
An out-of-bounds memory access vulnerability exists in specific firmware versions of Milesight AIOT cameras.
- risk 0.57cvss 8.8epss 0.00
Specific firmware versions of Milesight AIOT camera firmware contain hard-coded credentials.
- risk 0.57cvss 8.8epss 0.01
A firmware update vulnerability exists in the luci2-io file-import functionality of Milesight UR32L v32.3.0.7-r2. A specially crafted network request can lead to arbitrary firmware update. An attacker can send a network request to trigger this vulnerability.
- risk 0.57cvss 8.8epss 0.03
Two OS command injection vulnerabilities exist in the urvpn_client cmd_name_action functionality of Milesight UR32L v32.3.0.5. A specially crafted network request can lead to arbitrary command execution. An attacker can send a network request to trigger these…
- risk 0.57cvss 8.8epss 0.03
Two OS command injection vulnerabilities exist in the urvpn_client cmd_name_action functionality of Milesight UR32L v32.3.0.5. A specially crafted network request can lead to arbitrary command execution. An attacker can send a network request to trigger these…
- risk 0.57cvss 8.8epss 0.03
Two OS command injection vulnerability exist in the vtysh_ubus toolsh_excute.constprop.1 functionality of Milesight UR32L v32.3.0.5. A specially-crafted network request can lead to command execution. An attacker can send a network request to trigger these vulnerabilities.This…
- risk 0.57cvss 8.8epss 0.03
Two OS command injection vulnerability exist in the vtysh_ubus toolsh_excute.constprop.1 functionality of Milesight UR32L v32.3.0.5. A specially-crafted network request can lead to command execution. An attacker can send a network request to trigger these vulnerabilities.This…