Milesight Cameras CVE-2026-32649
HIGHSeverity by source
CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
4DescriptionCVE.org
A command injection vulnerability exists in the web server of specific firmware versions of Milesight cameras.
AnalysisAI
Command injection in Milesight camera web servers allows authenticated administrators with user interaction to execute arbitrary operating system commands. CISA ICS-CERT issued an advisory (ICSA-26-113-03), indicating operational technology/critical infrastructure relevance. Successful exploitation achieves complete compromise of camera confidentiality and integrity. Attack requires privileged credentials (admin-level) and user interaction, significantly limiting real-world exploitation scenarios compared to unauthenticated remote attacks.
Technical ContextAI
CWE-78 OS Command Injection vulnerability in the web server component of Milesight IP cameras. This class of vulnerability occurs when application code constructs operating system commands using insufficiently sanitized user input, allowing attackers to inject arbitrary shell metacharacters or commands. In camera firmware web interfaces, this typically manifests in administrative functions handling network configuration, firmware updates, or diagnostic utilities where system commands are invoked. The CVSS 4.0 vector indicates network-accessible exploitation but requires high privileges (PR:H) and user interaction (UI:P), suggesting the vulnerable functionality exists in authenticated administrative interfaces rather than public-facing endpoints. CISA's involvement through ICS-CERT indicates these cameras may be deployed in industrial control system environments where operational continuity is critical.
Affected ProductsAI
Milesight IP cameras running specific unpatched firmware versions. CISA advisory ICSA-26-113-03 provides authoritative affected version information at https://www.cisa.gov/news-events/ics-advisories/icsa-26-113-03. Exact firmware version ranges not specified in available NVD data. Milesight maintains firmware download portal at https://www.milesight.com/support/download/firmware where patched versions would be distributed. Organizations should cross-reference deployed camera models and firmware versions against the CISA advisory's affected products section.
RemediationAI
Apply vendor-released firmware updates from Milesight's official firmware repository at https://www.milesight.com/support/download/firmware, following version guidance in CISA advisory ICSA-26-113-03 at https://www.cisa.gov/news-events/ics-advisories/icsa-26-113-03. Until patching, implement network segmentation isolating cameras from untrusted networks and enforce strong unique administrative passwords with multi-factor authentication if supported by firmware. Disable remote administrative access where cameras are only accessed from dedicated management VLANs. Monitor administrative session logs for unusual command execution patterns. For OT environments, coordinate firmware updates during planned maintenance windows with operations teams to avoid disrupting video surveillance of critical processes. Note that firmware updates may require camera reboots causing temporary video loss.
Same weakness CWE-78 – OS Command Injection
View allSame technique Command Injection
View allShare
External POC / Exploit Code
Leaving vuln.today