Which versions of Milesight AIOT cameras are affected by CVE-2026-32644?

Milesight AIOT cameras contain hardcoded SSL private keys that allow unauthenticated remote attackers to intercept and decrypt all encrypted communications, potentially enabling credential theft and…

Milesight AIOT cameras CVE-2026-32644

Q: What is the CVSS score of CVE-2026-32644?

CVE-2026-32644 has a CVSS 4.0 base score of 9.2 (Critical). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.0%.

CRITICAL

Use of Hard-coded Cryptographic Key (CWE-321)

2026-04-28 ics-cert@hq.dhs.gov

Information Disclosure

9.2

CVSS 4.0

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Lifecycle Timeline

Re-analysis Queued

Apr 28, 2026 - 20:23 vuln.today

cvss_changed

Analysis Generated

Apr 28, 2026 - 01:30 vuln.today

Analysis Generated

Apr 28, 2026 - 01:22 vuln.today

CVE Published

Apr 28, 2026 - 01:16 nvd

CRITICAL 9.2

DescriptionNVD

Specific firmware versions of Milesight AIOT cameras use SSL certificates with default private keys.

AnalysisAI

Milesight AIOT cameras ship with hardcoded SSL private keys enabling remote man-in-the-middle attacks and credential interception. Remote unauthenticated attackers can decrypt TLS traffic, impersonate camera services, and potentially gain administrative access to affected devices. …

RemediationAI

Within 24 hours: Inventory all Milesight AIOT cameras in your environment and document network location, firmware version, and connected systems. Within 7 days: Isolate affected cameras to a segregated network segment or VLAN with restricted access; disable internet-facing access; implement network monitoring on camera traffic. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-32644 vulnerability details – vuln.today

Back

Milesight AIOT cameras CVE-2026-32644

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Analysis

Full analysis requires sign-in

Share

Milesight AIOT cameras CVE-2026-32644

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code