Skip to main content

Milesight AIOT cameras CVE-2026-20766

HIGH
Heap-based Buffer Overflow (CWE-122)
2026-04-28 ics-cert@hq.dhs.gov
8.6
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
8.6 HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
A
Scope
X

Lifecycle Timeline

4
Re-analysis Queued
Apr 28, 2026 - 20:23 vuln.today
cvss_changed
Analysis Generated
Apr 28, 2026 - 01:30 vuln.today
Analysis Generated
Apr 28, 2026 - 01:22 vuln.today
CVE Published
Apr 28, 2026 - 01:16 nvd
HIGH 8.6

DescriptionCVE.org

An out-of-bounds memory access vulnerability exists in specific firmware versions of Milesight AIOT cameras.

AnalysisAI

Out-of-bounds memory access in Milesight AIOT camera firmware enables remote attackers to achieve high-severity impacts on confidentiality, integrity, and availability when users interact with malicious content. CISA ICS-CERT has issued an advisory for this industrial IoT vulnerability. With network attack vector (AV:N) and low complexity (AC:L) but requiring user interaction (UI:A), the vulnerability presents significant risk to operational technology environments where these cameras are deployed for industrial surveillance and monitoring applications.

Technical ContextAI

This vulnerability stems from CWE-122 (Heap-based Buffer Overflow), a memory corruption class where data writes exceed allocated heap memory boundaries. Tagged as both Buffer Overflow and Heap Overflow, the flaw exists in the firmware layer of Milesight's AIOT (Artificial Intelligence of Things) camera product line, which combines IP camera functionality with AI-powered analytics for industrial and smart building applications. Heap-based overflows are particularly dangerous in embedded device firmware as they can corrupt memory management structures, leading to arbitrary code execution. The CVSS 4.0 vector indicates network-accessible attack surface with no privilege requirements (PR:N), suggesting the vulnerable code path is exposed through network-facing services such as HTTP/HTTPS management interfaces or streaming protocols commonly used in IP cameras.

Affected ProductsAI

Milesight AIOT camera models running vulnerable firmware versions are affected. CISA advisory ICSA-26-113-03 provides authoritative affected version details. The vendor advisory is available at https://www.milesight.com/support/download/firmware with firmware-specific vulnerability mapping. Exact model numbers and vulnerable firmware version ranges should be confirmed from the CISA CSAF document at https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-113-03.json. Multiple camera models within Milesight's AIOT product line are likely affected given the general firmware-level nature of the vulnerability.

RemediationAI

Milesight has released patched firmware versions available through their official support portal at https://www.milesight.com/support/download/firmware - consult CISA advisory ICSA-26-113-03 at https://www.cisa.gov/news-events/ics-advisories/icsa-26-113-03 for exact patched firmware versions mapped to specific camera models. Upgrade affected cameras to the vendor-specified fixed firmware following Milesight's update procedures and verify firmware version post-upgrade. Until patching is complete, implement network segmentation to isolate cameras from untrusted networks and restrict administrative interface access to known management IP addresses via firewall rules. Disable remote administrative access if not operationally required and enforce VPN access for camera management. Since exploitation requires user interaction (UI:A), implement strict access controls on who can access camera web interfaces and conduct security awareness training to prevent users from clicking untrusted links or accessing malicious URLs through camera management portals. Monitor camera access logs for anomalous administrative activity. Note that disabling network access significantly reduces camera monitoring functionality, so network-based mitigations must balance security with operational requirements.

Share

CVE-2026-20766 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy