
Milesight Cameras CVE-2026-32649

HIGH 7.3 (CVSS 4.0)
OS Command Injection (CWE-78)
2026-04-28 ics-cert@hq.dhs.gov

CVSS Vector (NVD)

CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: P
Scope: X

Lifecycle Timeline

Re-analysis Queued: Apr 28, 2026 - 20:23, vuln.today (cvss_changed)
Analysis Generated: Apr 28, 2026 - 01:31, vuln.today
Analysis Generated: Apr 28, 2026 - 01:22, vuln.today
CVE Published: Apr 28, 2026 - 01:16, nvd (HIGH 7.3)

Description (NVD)

A command injection vulnerability exists in the web server of specific firmware versions of Milesight cameras.

Analysis (AI)

Command injection in Milesight camera web servers allows authenticated administrators with user interaction to execute arbitrary operating system commands. CISA ICS-CERT issued an advisory (ICSA-26-113-03), indicating operational technology/critical infrastructure relevance. …


Remediation (AI)

Within 24 hours: Identify all Milesight cameras in your environment and document current firmware versions; restrict administrative access to Milesight cameras to named personnel only and enforce MFA if available. Within 7 days: Isolate affected Milesight cameras to a segregated network segment or VLAN; disable unnecessary remote access to camera web interfaces and require VPN/jump-host access for administration. …
