Skip to main content

Milesight AIOT Camera CVE-2026-27785

HIGH
Use of Hard-coded Credentials (CWE-798)
2026-04-28 ics-cert@hq.dhs.gov
7.7
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
7.7 HIGH
CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Adjacent
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

4
Re-analysis Queued
Apr 28, 2026 - 20:23 vuln.today
cvss_changed
Analysis Generated
Apr 28, 2026 - 00:30 vuln.today
Analysis Generated
Apr 28, 2026 - 00:22 vuln.today
CVE Published
Apr 28, 2026 - 00:16 nvd
HIGH 7.7

DescriptionCVE.org

Specific firmware versions of Milesight AIOT camera firmware contain hard-coded credentials.

AnalysisAI

Hard-coded credentials in Milesight AIOT camera firmware allow adjacent network attackers to gain full system access without authentication. CISA ICS-CERT has published an advisory, indicating industrial/IoT deployment concern. The CVSS 7.7 score reflects adjacent network vector (AV:A) with low complexity (AC:L) and no authentication required (PR:N), enabling complete compromise of confidentiality, integrity, and availability on vulnerable devices. Firmware-level credential hardcoding (CWE-798) cannot be disabled through configuration changes, making patching critical for exposed industrial camera deployments.

Technical ContextAI

CWE-798 represents authentication credentials that are embedded directly in firmware code, configuration files, or binaries during manufacturing. These credentials typically cannot be changed by end users and persist across device resets. Milesight AIOT cameras are industrial-grade IoT surveillance devices commonly deployed in critical infrastructure, manufacturing facilities, and building management systems. The CVSS 4.0 vector indicates adjacent network access (AV:A), meaning attackers must be on the same network segment or VLAN as the camera-common in industrial control system (ICS) environments where cameras share networks with SCADA systems and PLCs. The AT:P (Attack Requirements: Present) modifier suggests specific conditions beyond basic network adjacency may apply, though the description does not detail these requirements. Hard-coded credentials are particularly dangerous in IoT devices because they provide a persistent backdoor that survives firmware updates unless explicitly removed by the vendor.

Affected ProductsAI

Milesight AIOT camera models running specific vulnerable firmware versions detailed in CISA advisory ICSA-26-113-03. The advisory available at https://www.cisa.gov/news-events/ics-advisories/icsa-26-113-03 and corresponding CSAF document at https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-113-03.json contain the definitive list of affected firmware versions and camera models. Organizations should cross-reference their deployed camera model numbers and firmware versions against the CISA advisory to determine exposure. Milesight's firmware download page at https://www.milesight.com/support/download/firmware provides current firmware versions for comparison.

RemediationAI

Upgrade affected Milesight AIOT cameras to patched firmware versions specified in CISA advisory ICSA-26-113-03 available at https://www.cisa.gov/news-events/ics-advisories/icsa-26-113-03, with exact fix versions listed in the CSAF document at https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-113-03.json. Download patched firmware from Milesight's official support portal at https://www.milesight.com/support/download/firmware and verify cryptographic signatures before deployment. Because hard-coded credentials are embedded in firmware, no configuration-based workaround eliminates the vulnerability. For devices awaiting patching, implement network segmentation to isolate cameras on dedicated VLANs with no routes to control networks or corporate infrastructure, configure firewall rules permitting only necessary management protocols from specific authorized IP addresses, deploy network access control (NAC) to prevent unauthorized adjacent network access, and enable intrusion detection to monitor for authentication attempts using default or hard-coded credentials. Note that network segmentation trades reduced camera accessibility for security-remote management may require VPN or jump hosts. Deploy patches during scheduled maintenance windows with fallback plans, as firmware updates carry risk of device bricking in industrial environments where physical access for recovery may be limited.

Share

CVE-2026-27785 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy