CVE-2026-28747 PUBLISHED

Milesight Cameras Authorization Bypass Through User-Controlled Key

Assigner: icscert
Reserved: 12.03.2026 Published: 27.04.2026 Updated: 27.04.2026

A weak key generation vulnerability exists in specific firmware versions of Milesight AIOT cameras allows authorization to be bypassed.

Metrics

CVSS Vector: CVSS:4.0/AV:A/AC:H/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
CVSS Score: 7.3

Product Status

Vendor Milesight
Product MS-Cxx63-PD
Versions Default: unaffected
  • affected from 0 to 51.7.0.77-r12 (incl.)
Vendor Milesight
Product MS-Cxx64-xPD
Versions Default: unaffected
  • affected from 0 to 51.7.0.77-r12 (incl.)
Vendor Milesight
Product MS-Cxx73-xPD
Versions Default: unaffected
  • affected from 0 to 51.7.0.77-r12 (incl.)
Vendor Milesight
Product MS-Cxx75-xxPD
Versions Default: unaffected
  • affected from 0 to 51.7.0.77-r12 (incl.)
Vendor Milesight
Product MS-Cxx83-xPD
Versions Default: unaffected
  • affected from 0 to 51.7.0.77-r12 (incl.)
Vendor Milesight
Product MS-Cxx74-PA
Versions Default: unaffected
  • affected from 0 to 3x.8.0.3-r11 (incl.)
Vendor Milesight
Product MS-C8477-HPG1
Versions Default: unaffected
  • affected from 0 to 63.8.0.4-r3 (incl.)
Vendor Milesight
Product MS-C8477-PC
Versions Default: unaffected
  • affected from 0 to 48.8.0.4-r3 (incl.)
Vendor Milesight
Product MS-C5321-FPE
Versions Default: unaffected
  • affected from 0 to 62.8.0.4-r5 (incl.)
Vendor Milesight
Product MS-Cxx72-xxxPE
Versions Default: unaffected
  • affected from 0 to 61.8.0.5-r2 (incl.)
Vendor Milesight
Product MS-Cxx62-xxxPE
Versions Default: unaffected
  • affected from 0 to 61.8.0.5-r2 (incl.)
Vendor Milesight
Product MS-Cxx52-xxxPE
Versions Default: unaffected
  • affected from 0 to 61.8.0.5-r2 (incl.)
Vendor Milesight
Product MS-Cxx66-xxxPE
Versions Default: unaffected
  • affected from 0 to 61.8.0.5-r2 (incl.)
Vendor Milesight
Product MS-Cxx66-xxxGPE
Versions Default: unaffected
  • affected from 0 to 61.8.0.5-r2 (incl.)
Vendor Milesight
Product MS-Cxx61-xxxPE
Versions Default: unaffected
  • affected from 0 to 61.8.0.5-r2 (incl.)
Vendor Milesight
Product MS-Cxx67-xxxPE
Versions Default: unaffected
  • affected from 0 to 61.8.0.5-r2 (incl.)
Vendor Milesight
Product MS-Cxx71-xxxPE
Versions Default: unaffected
  • affected from 0 to 61.8.0.5-r2 (incl.)
Vendor Milesight
Product MS-Cxx41-xxxPE
Versions Default: unaffected
  • affected from 0 to 61.8.0.5-r2 (incl.)
Vendor Milesight
Product MS-Cxx76-PE
Versions Default: unaffected
  • affected from 0 to 61.8.0.5-r2 (incl.)
Vendor Milesight
Product MS-Cxx65-PE
Versions Default: unaffected
  • affected from 0 to 61.8.0.5-r2 (incl.)
Vendor Milesight
Product MS-Cxx66-xxxG1
Versions Default: unaffected
  • affected from 0 to 63.8.0.5-r3 (incl.)
Vendor Milesight
Product MS-Cxx62-xxxG1
Versions Default: unaffected
  • affected from 0 to 63.8.0.5-r3 (incl.)
Vendor Milesight
Product MS-Cxx72-xxxG1
Versions Default: unaffected
  • affected from 0 to 63.8.0.5-r3 (incl.)
Vendor Milesight
Product MS-CQxx31-xxxG1
Versions Default: unaffected
  • affected from 0 to CQ_63.8.0.5-r1 (incl.)
Vendor Milesight
Product MS-CQxx68-xxxG1
Versions Default: unaffected
  • affected from 0 to CQ_63.8.0.5-r1 (incl.)
Vendor Milesight
Product MS-CQxx72-xxxG1
Versions Default: unaffected
  • affected from 0 to CQ_63.8.0.5-r1 (incl.)
Vendor Milesight
Product MS-Nxxxx-NxE
Versions Default: unaffected
  • affected from 0 to 7x.9.0.19-r5 (incl.)
Vendor Milesight
Product MS-Nxxxx-xxC
Versions Default: unaffected
  • affected from 0 to 7x.9.0.19-r5 (incl.)
Vendor Milesight
Product MS-Nxxxx-xxE
Versions Default: unaffected
  • affected from 0 to 7x.9.0.19-r5 (incl.)
Vendor Milesight
Product MS-Nxxxx-xxG
Versions Default: unaffected
  • affected from 0 to 7x.9.0.19-r5 (incl.)
Vendor Milesight
Product MS-Nxxxx-xxH
Versions Default: unaffected
  • affected from 0 to 7x.9.0.19-r5 (incl.)
Vendor Milesight
Product MS-Nxxxx-xxT
Versions Default: unaffected
  • affected from 0 to 7x.9.0.19-r5 (incl.)
Vendor Milesight
Product PMC8266-FPE
Versions Default: unaffected
  • affected from 0 to PO_61.8.0.4_LPR (incl.)
Vendor Milesight
Product PMC8266-FGPE
Versions Default: unaffected
  • affected from 0 to PO_61.8.0.4_LPR (incl.)
Vendor Milesight
Product PM3322-E
Versions Default: unaffected
  • affected from 0 to PI_61.8.0.3_LPR-r3 (incl.)
Vendor Milesight
Product TS4466-X4RIPG1
Versions Default: unaffected
  • affected from 0 to T_63.8.0.4_LPR-r3 (incl.)
Vendor Milesight
Product TS5366-X12RIPG1
Versions Default: unaffected
  • affected from 0 to T_63.8.0.4_LPR-r3 (incl.)
Vendor Milesight
Product TS8266-X4RIPG1
Versions Default: unaffected
  • affected from 0 to T_63.8.0.4_LPR-r3 (incl.)
Vendor Milesight
Product TS4466-X4RIVPG1
Versions Default: unaffected
  • affected from 0 to T_63.8.0.4_LPR-r3 (incl.)
Vendor Milesight
Product TS4466-RFIVPG1
Versions Default: unaffected
  • affected from 0 to T_63.8.0.4_LPR-r3 (incl.)
Vendor Milesight
Product TS8266-X4RIVPG1
Versions Default: unaffected
  • affected from 0 to T_63.8.0.4_LPR-r3 (incl.)
Vendor Milesight
Product TS8266-RFIVPG1
Versions Default: unaffected
  • affected from 0 to T_63.8.0.4_LPR-r3 (incl.)
Vendor Milesight
Product TS4466-X4RIWG1
Versions Default: unaffected
  • affected from 0 to T_63.8.0.4_LPR-r3 (incl.)
Vendor Milesight
Product TS8266-X4RIWG1
Versions Default: unaffected
  • affected from 0 to T_63.8.0.4_LPR-r3 (incl.)
Vendor Milesight
Product TS5510-GVH
Versions Default: unaffected
  • affected from 0 to T_47.8.0.4_LPR-r7 (incl.)
Vendor Milesight
Product TS5510-GH
Versions Default: unaffected
  • affected from 0 to T_47.8.0.4_LPR-r6 (incl.)
Vendor Milesight
Product TS5511-GVH
Versions Default: unaffected
  • affected from 0 to T_47.8.0.4_LPR-r6 (incl.)
Vendor Milesight
Product TS2966-X12TPE
Versions Default: unaffected
  • affected from 0 to T_61.8.0.4_LPR-r3 (incl.)
Vendor Milesight
Product TS4466-X4RPE
Versions Default: unaffected
  • affected from 0 to T_61.8.0.4_LPR-r3 (incl.)
Vendor Milesight
Product TS5366-X12PE
Versions Default: unaffected
  • affected from 0 to T_61.8.0.4_LPR-r3 (incl.)
Vendor Milesight
Product TS8266-X4PE
Versions Default: unaffected
  • affected from 0 to T_61.8.0.4_LPR-r3 (incl.)
Vendor Milesight
Product TS2966-X12TVPE
Versions Default: unaffected
  • affected from 0 to T_61.8.0.4_LPR-r3 (incl.)
Vendor Milesight
Product TS4466-X4RVPE
Versions Default: unaffected
  • affected from 0 to T_61.8.0.4_LPR-r3 (incl.)
Vendor Milesight
Product TS5366-X12VPE
Versions Default: unaffected
  • affected from 0 to T_61.8.0.4_LPR-r3 (incl.)
Vendor Milesight
Product TS8266-X4VPE
Versions Default: unaffected
  • affected from 0 to T_61.8.0.4_LPR-r3 (incl.)
Vendor Milesight
Product TS4441-X36RPE
Versions Default: unaffected
  • affected from 0 to T_61.8.0.4_LPR-r3 (incl.)
Vendor Milesight
Product TS4441-X36RE
Versions Default: unaffected
  • affected from 0 to T_61.8.0.4_LPR-r3 (incl.)
Vendor Milesight
Product TS4466-X4RWE
Versions Default: unaffected
  • affected from 0 to T_61.8.0.4_LPR-r3 (incl.)
Vendor Milesight
Product TS8266-X4WE
Versions Default: unaffected
  • affected from 0 to T_61.8.0.4_LPR-r3 (incl.)
Vendor Milesight
Product MS-C2964-RFLPC
Versions Default: unaffected
  • affected from 0 to T_45.8.0.3-r9 (incl.)
Vendor Milesight
Product MS-C2972-RFLPC
Versions Default: unaffected
  • affected from 0 to T_45.8.0.3-r9 (incl.)
Vendor Milesight
Product MS-C2966-RFLWPC
Versions Default: unaffected
  • affected from 0 to T_45.8.0.3-r9 (incl.)
Vendor Milesight
Product TS2866-X4TPC
Versions Default: unaffected
  • affected from 0 to T_45.8.0.3-r9 (incl.)
Vendor Milesight
Product TS2866-X4TVPC
Versions Default: unaffected
  • affected from 0 to T_45.8.0.3-r9 (incl.)
Vendor Milesight
Product TS2866-X4TGPC
Versions Default: unaffected
  • affected from 0 to T_45.8.0.3-r9 (incl.)
Vendor Milesight
Product TS2841-X36TPC
Versions Default: unaffected
  • affected from 0 to T_45.8.0.3-r9 (incl.)
Vendor Milesight
Product TS2841-X36TPC/W
Versions Default: unaffected
  • affected from 0 to T_45.8.0.3-r9 (incl.)
Vendor Milesight
Product TS2867-X5TPC
Versions Default: unaffected
  • affected from 0 to T_45.8.0.3-r9 (incl.)
Vendor Milesight
Product TS2961-X12TPC
Versions Default: unaffected
  • affected from 0 to T_45.8.0.3-r9 (incl.)
Vendor Milesight
Product TS8266-FPC/P
Versions Default: unaffected
  • affected from 0 to T_45.8.0.3-r9 (incl.)
Vendor Milesight
Product MS-C2966-X12RLPC
Versions Default: unaffected
  • affected from 0 to T_45.8.0.3-r9 (incl.)
Vendor Milesight
Product MS-C2966-X12RLVPC
Versions Default: unaffected
  • affected from 0 to T_45.8.0.3-r9 (incl.)
Vendor Milesight
Product MS-C5366-X12LPC
Versions Default: unaffected
  • affected from 0 to T_45.8.0.3-r9 (incl.)
Vendor Milesight
Product MS-C5366-X12LVPC
Versions Default: unaffected
  • affected from 0 to T_45.8.0.3-r9 (incl.)
Vendor Milesight
Product MS-C5361-X12LPC
Versions Default: unaffected
  • affected from 0 to T_45.8.0.3-r9 (incl.)
Vendor Milesight
Product MS-Cxx66-xxxxGOPC
Versions Default: unaffected
  • affected from 0 to 45.8.0.2-AIoT-r4 (incl.)
Vendor Milesight
Product SC211
Versions Default: unaffected
  • affected from 0 to C_21.1.0.8-r4 (incl.)
Vendor Milesight
Product SP111
Versions Default: unaffected
  • affected from 0 to 52.8.0.4-r5 (incl.)
Vendor Milesight
Product MS-Cxx66-RFIPKG1
Versions Default: unaffected
  • affected from 0 to 63.8.0.4-r1-NX (incl.)
Vendor Milesight
Product MS-Cxx72-RFIPKG1
Versions Default: unaffected
  • affected from 0 to 63.8.0.4-r1-NX (incl.)
Vendor Milesight
Product MS-Cxx66-FIPKG1
Versions Default: unaffected
  • affected from 0 to 63.8.0.4-r1-NX (incl.)
Vendor Milesight
Product MS-Cxx72-FIPKG1
Versions Default: unaffected
  • affected from 0 to 63.8.0.4-r1-NX (incl.)

Solutions

Milesight asks all users to report potential security vulnerabilities to security@milesight.com. mailto:security@milesight.com Learn more: Milesight Vulnerability Reporting Policy https://www.milesight.com/legal/vulnerability-report

Credits

  • Souvik Kandar reported these vulnerabilities to CISA finder

References

Problem Types

  • CWE-639 CWE