Milesight AIOT Camera CVE-2026-27785
HIGHSeverity by source
CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
4DescriptionCVE.org
Specific firmware versions of Milesight AIOT camera firmware contain hard-coded credentials.
AnalysisAI
Hard-coded credentials in Milesight AIOT camera firmware allow adjacent network attackers to gain full system access without authentication. CISA ICS-CERT has published an advisory, indicating industrial/IoT deployment concern. The CVSS 7.7 score reflects adjacent network vector (AV:A) with low complexity (AC:L) and no authentication required (PR:N), enabling complete compromise of confidentiality, integrity, and availability on vulnerable devices. Firmware-level credential hardcoding (CWE-798) cannot be disabled through configuration changes, making patching critical for exposed industrial camera deployments.
Technical ContextAI
CWE-798 represents authentication credentials that are embedded directly in firmware code, configuration files, or binaries during manufacturing. These credentials typically cannot be changed by end users and persist across device resets. Milesight AIOT cameras are industrial-grade IoT surveillance devices commonly deployed in critical infrastructure, manufacturing facilities, and building management systems. The CVSS 4.0 vector indicates adjacent network access (AV:A), meaning attackers must be on the same network segment or VLAN as the camera-common in industrial control system (ICS) environments where cameras share networks with SCADA systems and PLCs. The AT:P (Attack Requirements: Present) modifier suggests specific conditions beyond basic network adjacency may apply, though the description does not detail these requirements. Hard-coded credentials are particularly dangerous in IoT devices because they provide a persistent backdoor that survives firmware updates unless explicitly removed by the vendor.
Affected ProductsAI
Milesight AIOT camera models running specific vulnerable firmware versions detailed in CISA advisory ICSA-26-113-03. The advisory available at https://www.cisa.gov/news-events/ics-advisories/icsa-26-113-03 and corresponding CSAF document at https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-113-03.json contain the definitive list of affected firmware versions and camera models. Organizations should cross-reference their deployed camera model numbers and firmware versions against the CISA advisory to determine exposure. Milesight's firmware download page at https://www.milesight.com/support/download/firmware provides current firmware versions for comparison.
RemediationAI
Upgrade affected Milesight AIOT cameras to patched firmware versions specified in CISA advisory ICSA-26-113-03 available at https://www.cisa.gov/news-events/ics-advisories/icsa-26-113-03, with exact fix versions listed in the CSAF document at https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-113-03.json. Download patched firmware from Milesight's official support portal at https://www.milesight.com/support/download/firmware and verify cryptographic signatures before deployment. Because hard-coded credentials are embedded in firmware, no configuration-based workaround eliminates the vulnerability. For devices awaiting patching, implement network segmentation to isolate cameras on dedicated VLANs with no routes to control networks or corporate infrastructure, configure firewall rules permitting only necessary management protocols from specific authorized IP addresses, deploy network access control (NAC) to prevent unauthorized adjacent network access, and enable intrusion detection to monitor for authentication attempts using default or hard-coded credentials. Note that network segmentation trades reduced camera accessibility for security-remote management may require VPN or jump hosts. Deploy patches during scheduled maintenance windows with fallback plans, as firmware updates carry risk of device bricking in industrial environments where physical access for recovery may be limited.
Same weakness CWE-798 – Use of Hard-coded Credentials
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today