Skip to main content

Milesight Cameras CVE-2026-32649

HIGH
OS Command Injection (CWE-78)
2026-04-28 ics-cert@hq.dhs.gov
7.3
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
7.3 HIGH
CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
P
Scope
X

Lifecycle Timeline

4
Re-analysis Queued
Apr 28, 2026 - 20:23 vuln.today
cvss_changed
Analysis Generated
Apr 28, 2026 - 01:31 vuln.today
Analysis Generated
Apr 28, 2026 - 01:22 vuln.today
CVE Published
Apr 28, 2026 - 01:16 nvd
HIGH 7.3

DescriptionCVE.org

A command injection vulnerability exists in the web server of specific firmware versions of Milesight cameras.

AnalysisAI

Command injection in Milesight camera web servers allows authenticated administrators with user interaction to execute arbitrary operating system commands. CISA ICS-CERT issued an advisory (ICSA-26-113-03), indicating operational technology/critical infrastructure relevance. Successful exploitation achieves complete compromise of camera confidentiality and integrity. Attack requires privileged credentials (admin-level) and user interaction, significantly limiting real-world exploitation scenarios compared to unauthenticated remote attacks.

Technical ContextAI

CWE-78 OS Command Injection vulnerability in the web server component of Milesight IP cameras. This class of vulnerability occurs when application code constructs operating system commands using insufficiently sanitized user input, allowing attackers to inject arbitrary shell metacharacters or commands. In camera firmware web interfaces, this typically manifests in administrative functions handling network configuration, firmware updates, or diagnostic utilities where system commands are invoked. The CVSS 4.0 vector indicates network-accessible exploitation but requires high privileges (PR:H) and user interaction (UI:P), suggesting the vulnerable functionality exists in authenticated administrative interfaces rather than public-facing endpoints. CISA's involvement through ICS-CERT indicates these cameras may be deployed in industrial control system environments where operational continuity is critical.

Affected ProductsAI

Milesight IP cameras running specific unpatched firmware versions. CISA advisory ICSA-26-113-03 provides authoritative affected version information at https://www.cisa.gov/news-events/ics-advisories/icsa-26-113-03. Exact firmware version ranges not specified in available NVD data. Milesight maintains firmware download portal at https://www.milesight.com/support/download/firmware where patched versions would be distributed. Organizations should cross-reference deployed camera models and firmware versions against the CISA advisory's affected products section.

RemediationAI

Apply vendor-released firmware updates from Milesight's official firmware repository at https://www.milesight.com/support/download/firmware, following version guidance in CISA advisory ICSA-26-113-03 at https://www.cisa.gov/news-events/ics-advisories/icsa-26-113-03. Until patching, implement network segmentation isolating cameras from untrusted networks and enforce strong unique administrative passwords with multi-factor authentication if supported by firmware. Disable remote administrative access where cameras are only accessed from dedicated management VLANs. Monitor administrative session logs for unusual command execution patterns. For OT environments, coordinate firmware updates during planned maintenance windows with operations teams to avoid disrupting video surveillance of critical processes. Note that firmware updates may require camera reboots causing temporary video loss.

Share

CVE-2026-32649 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy