VYPR

Vendor CVEs

Milesight

All CVEs

94 total · sorted by risk
  • CVE-2024-36388CriJun 2, 2024
    risk 0.65cvss 10.0epss 0.00

    MileSight DeviceHub - CWE-305 Missing Authentication for Critical Function

  • CVE-2026-32644CriApr 28, 2026
    risk 0.64cvss 9.8epss 0.00

    Specific firmware versions of Milesight AIOT cameras use SSL certificates with default private keys.

  • CVE-2024-36389CriJun 2, 2024
    risk 0.64cvss 9.8epss 0.01

    MileSight DeviceHub - CWE-330 Use of Insufficiently Random Values may allow Authentication Bypass

  • CVE-2024-27776CriJun 2, 2024
    risk 0.64cvss 9.8epss 0.01

    MileSight DeviceHub - CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') may allow Unauthenticated RCE

  • CVE-2023-23902CriJul 6, 2023
    risk 0.64cvss 9.8epss 0.02

    A buffer overflow vulnerability exists in the uhttpd login functionality of Milesight UR32L v32.3.0.5. A specially crafted network request can lead to remote code execution. An attacker can send a network request to trigger this vulnerability.

  • CVE-2023-30466CriApr 28, 2023
    risk 0.64cvss 9.8epss 0.01

    This vulnerability exists in Milesight 4K/H.265 Series NVR models (MS-Nxxxx-xxG, MS-Nxxxx-xxE, MS-Nxxxx-xxT, MS-Nxxxx-xxH and MS-Nxxxx-xxC), due to a weak password reset mechanism at the Milesight NVR web-based management interface. A remote attacker could exploit this…

  • CVE-2016-2360CriOct 25, 2019
    risk 0.64cvss 9.8epss 0.02

    Milesight IP security cameras through 2016-11-14 have a default root password in /etc/shadow that is the same across different customers' installations.

  • CVE-2016-2359CriOct 25, 2019
    risk 0.64cvss 9.8epss 0.03

    Milesight IP security cameras through 2016-11-14 allow remote attackers to bypass authentication and access a protected resource by simultaneously making a request for the unprotected vb.htm resource.

  • CVE-2016-2358CriOct 25, 2019
    risk 0.64cvss 9.8epss 0.02

    Milesight IP security cameras through 2016-11-14 have a default set of 10 privileged accounts with hardcoded credentials. They are accessible if the customer has not configured 10 actual user accounts.

  • CVE-2016-2357CriOct 25, 2019
    risk 0.64cvss 9.8epss 0.02

    Milesight IP security cameras through 2016-11-14 have a hardcoded SSL private key under the /etc/config directory.

  • CVE-2016-2356CriOct 25, 2019
    risk 0.64cvss 9.8epss 0.03

    Milesight IP security cameras through 2016-11-14 have a buffer overflow in a web application via a long username or password.

  • CVE-2024-36391CriJun 2, 2024
    risk 0.59cvss 9.1epss 0.00

    MileSight DeviceHub - CWE-320: Key Management Errors may allow Authentication Bypass and Man-In-The-Middle Traffic

  • CVE-2023-22653HigJul 6, 2023
    risk 0.58cvss 8.8epss 0.07

    An OS command injection vulnerability exists in the vtysh_ubus tcpdump_start_cb functionality of Milesight UR32L v32.3.0.5. A specially crafted HTTP request can lead to command execution. An authenticated attacker can send an HTTP request to trigger this vulnerability.

  • CVE-2026-20766HigApr 28, 2026
    risk 0.57cvss 8.8epss 0.00

    An out-of-bounds memory access vulnerability exists in specific firmware versions of Milesight AIOT cameras.

  • CVE-2026-27785HigApr 28, 2026
    risk 0.57cvss 8.8epss 0.00

    Specific firmware versions of Milesight AIOT camera firmware contain hard-coded credentials.

  • CVE-2023-47166HigMay 1, 2024
    risk 0.57cvss 8.8epss 0.01

    A firmware update vulnerability exists in the luci2-io file-import functionality of Milesight UR32L v32.3.0.7-r2. A specially crafted network request can lead to arbitrary firmware update. An attacker can send a network request to trigger this vulnerability.

  • CVE-2023-24583HigJul 6, 2023
    risk 0.57cvss 8.8epss 0.03

    Two OS command injection vulnerabilities exist in the urvpn_client cmd_name_action functionality of Milesight UR32L v32.3.0.5. A specially crafted network request can lead to arbitrary command execution. An attacker can send a network request to trigger these…

  • CVE-2023-24582HigJul 6, 2023
    risk 0.57cvss 8.8epss 0.03

    Two OS command injection vulnerabilities exist in the urvpn_client cmd_name_action functionality of Milesight UR32L v32.3.0.5. A specially crafted network request can lead to arbitrary command execution. An attacker can send a network request to trigger these…

  • CVE-2023-24520HigJul 6, 2023
    risk 0.57cvss 8.8epss 0.03

    Two OS command injection vulnerability exist in the vtysh_ubus toolsh_excute.constprop.1 functionality of Milesight UR32L v32.3.0.5. A specially-crafted network request can lead to command execution. An attacker can send a network request to trigger these vulnerabilities.This…

  • CVE-2023-24519HigJul 6, 2023
    risk 0.57cvss 8.8epss 0.03

    Two OS command injection vulnerability exist in the vtysh_ubus toolsh_excute.constprop.1 functionality of Milesight UR32L v32.3.0.5. A specially-crafted network request can lead to command execution. An attacker can send a network request to trigger these vulnerabilities.This…

  • CVE-2023-24018HigJul 6, 2023
    risk 0.57cvss 8.8epss 0.01

    A stack-based buffer overflow vulnerability exists in the libzebra.so.0.0.0 security_decrypt_password functionality of Milesight UR32L v32.3.0.5. A specially crafted HTTP request can lead to a buffer overflow. An authenticated attacker can send an HTTP request to trigger this…

  • CVE-2023-22299HigJul 6, 2023
    risk 0.57cvss 8.8epss 0.03

    An OS command injection vulnerability exists in the vtysh_ubus _get_fw_logs functionality of Milesight UR32L v32.3.0.5. A specially crafted network request can lead to command execution. An attacker can send a network request to trigger this vulnerability.

  • CVE-2023-43261HigOct 4, 2023
    risk 0.54cvss 7.5epss 0.60

    An information disclosure in Milesight UR5X, UR32L, UR32, UR35, UR41 before v35.3.0.7 allows attackers to access sensitive router components.

  • CVE-2023-24019HigJul 6, 2023
    risk 0.53cvss 8.1epss 0.01

    A stack-based buffer overflow vulnerability exists in the urvpn_client http_connection_readcb functionality of Milesight UR32L v32.3.0.5. A specially crafted network packet can lead to a buffer overflow. An attacker can send a malicious packet to trigger this vulnerability.

  • CVE-2023-22371HigJul 6, 2023
    risk 0.53cvss 8.1epss 0.03

    An os command injection vulnerability exists in the liburvpn.so create_private_key functionality of Milesight VPN v2.0.2. A specially-crafted network request can lead to command execution. An attacker can send a malicious packet to trigger this vulnerability.

  • CVE-2023-32220HigJun 12, 2023
    risk 0.53cvss 8.2epss 0.01

    Milesight NCR/camera version 71.8.0.6-r5 allows authentication bypass through an unspecified method.

  • CVE-2024-36390HigJun 2, 2024
    risk 0.49cvss 7.5epss 0.00

    MileSight DeviceHub - CWE-20 Improper Input Validation may allow Denial of Service

  • CVE-2023-23907HigJul 6, 2023
    risk 0.49cvss 7.5epss 0.01

    A directory traversal vulnerability exists in the server.js start functionality of Milesight VPN v2.0.2. A specially-crafted network request can lead to arbitrary file read. An attacker can send a network request to trigger this vulnerability.

  • CVE-2023-23571HigJul 6, 2023
    risk 0.49cvss 7.5epss 0.01

    An access violation vulnerability exists in the eventcore functionality of Milesight UR32L v32.3.0.5. A specially crafted network request can lead to denial of service. An attacker can send a network request to trigger this vulnerability.

  • CVE-2023-24506HigMay 8, 2023
    risk 0.49cvss 7.5epss 0.01

    Milesight NCR/camera version 71.8.0.6-r5 exposes credentials through an unspecified request.

  • CVE-2023-30467HigApr 28, 2023
    risk 0.49cvss 7.5epss 0.01

    This vulnerability exists in Milesight 4K/H.265 Series NVR models (MS-Nxxxx-xxG, MS-Nxxxx-xxE, MS-Nxxxx-xxT, MS-Nxxxx-xxH and MS-Nxxxx-xxC), due to improper authorization at the Milesight NVR web-based management interface. A remote attacker could exploit this vulnerability by…

  • CVE-2022-3001HigSep 15, 2022
    risk 0.49cvss 7.5epss 0.01

    This vulnerability exists in Milesight Video Management Systems (VMS), all firmware versions prior to 40.7.0.79-r1, due to improper input handling at camera’s web-based management interface. A remote attacker could exploit this vulnerability by sending a specially crafted http…

  • CVE-2023-22844HigJul 6, 2023
    risk 0.48cvss 7.3epss 0.01

    An authentication bypass vulnerability exists in the requestHandlers.js verifyToken functionality of Milesight VPN v2.0.2. A specially-crafted network request can lead to authentication bypass. An attacker can send a network request to trigger this vulnerability.

  • CVE-2023-22319HigJul 6, 2023
    risk 0.48cvss 7.3epss 0.01

    A sql injection vulnerability exists in the requestHandlers.js LoginAuth functionality of Milesight VPN v2.0.2. A specially-crafted network request can lead to authentication bypass. An attacker can send a malicious packet to trigger this vulnerability.

  • CVE-2023-25583HigJul 6, 2023
    risk 0.47cvss 7.2epss 0.03

    Two OS command injection vulnerabilities exist in the zebra vlan_name functionality of Milesight UR32L v32.3.0.5. A specially crafted network request can lead to command execution. An attacker can send a network request to trigger these vulnerabilities.This command injection is…

  • CVE-2023-25582HigJul 6, 2023
    risk 0.47cvss 7.2epss 0.03

    Two OS command injection vulnerabilities exist in the zebra vlan_name functionality of Milesight UR32L v32.3.0.5. A specially crafted network request can lead to command execution. An attacker can send a network request to trigger these vulnerabilities.This command injection is…

  • CVE-2023-25124HigJul 6, 2023
    risk 0.47cvss 7.2epss 0.01

    Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to…

  • CVE-2023-25123HigJul 6, 2023
    risk 0.47cvss 7.2epss 0.01

    Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to…

  • CVE-2023-25122HigJul 6, 2023
    risk 0.47cvss 7.2epss 0.01

    Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to…

  • CVE-2023-25121HigJul 6, 2023
    risk 0.47cvss 7.2epss 0.01

    Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to…

  • CVE-2023-25120HigJul 6, 2023
    risk 0.47cvss 7.2epss 0.01

    Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to…

  • CVE-2023-25119HigJul 6, 2023
    risk 0.47cvss 7.2epss 0.01

    Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to…

  • CVE-2023-25118HigJul 6, 2023
    risk 0.47cvss 7.2epss 0.01

    Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to…

  • CVE-2023-25117HigJul 6, 2023
    risk 0.47cvss 7.2epss 0.01

    Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to…

  • CVE-2023-25116HigJul 6, 2023
    risk 0.47cvss 7.2epss 0.01

    Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to…

  • CVE-2023-25115HigJul 6, 2023
    risk 0.47cvss 7.2epss 0.01

    Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to…

  • CVE-2023-25114HigJul 6, 2023
    risk 0.47cvss 7.2epss 0.01

    Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to…

  • CVE-2023-25113HigJul 6, 2023
    risk 0.47cvss 7.2epss 0.01

    Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to…

  • CVE-2023-25112HigJul 6, 2023
    risk 0.47cvss 7.2epss 0.01

    Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to…

  • CVE-2023-25111HigJul 6, 2023
    risk 0.47cvss 7.2epss 0.01

    Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to…

Page 1 of 2