VYPR
Vendor

Milestone Systems

Products
3
CVEs
5
Across products
5
Status
Private

Products

3

Recent CVEs

5
  • CVE-2018-7891HigApr 30, 2018
    risk 0.53cvss 8.1epss 0.04

    The Milestone XProtect Video Management Software (Corporate, Expert, Professional+, Express+, Essential+) 2016 R1 (10.0.a) to 2018 R1 (12.1a) contains .NET Remoting endpoints that are vulnerable to deserialization attacks resulting in remote code execution.

  • CVE-2024-12569HigDec 19, 2024
    risk 0.51cvss 7.8epss 0.00

    Disclosure of sensitive information in a Milestone XProtect Device Pack driver’s log file for third-party cameras, allows an attacker to read camera credentials stored in the Recording Server under specific conditions.

  • CVE-2024-3506MedOct 8, 2024
    risk 0.44cvss 6.7epss 0.00

    A possible buffer overflow in selected cameras' drivers from XProtect Device Pack can allow an attacker with access to internal network to execute commands on Recording Server under strict conditions.

  • CVE-2025-0836MedDec 16, 2025
    risk 0.41cvss 6.3epss 0.00

    Missing Authorization vulnerability in Milestone Systems XProtect VMS allows users with read-only access to Management Server to have full read/write access to MIP Webhooks API.

  • CVE-2025-1688MedApr 15, 2025
    risk 0.36cvss 5.5epss 0.00

    Milestone Systems has discovered a security vulnerability in Milestone XProtect installer that resets system configuration password after the upgrading from older versions using specific installers. The system configuration password is an additional, optional protection that…