Multiple Vulnerabilities Plague Milesight Cameras, Remote Code Execution Possible

A significant number of vulnerabilities have been identified in various models of **Milesight** cameras. Successful exploitation could lead to device crashes or, more critically, remote code execution (RCE).

2026-05-07T06:04:38

## Milesight Camera Vulnerabilities: A Deep Dive Multiple vulnerabilities have been discovered in a wide range of **Milesight** camera models, potentially allowing attackers to compromise devices remotely. These vulnerabilities, detailed in the **CSAF** report, affect numerous camera models and firmware versions. The affected **Milesight** camera versions include: * MS-Cxx63-PD <=51.7.0.77-r12 (**CVE-2026-28747**, **CVE-2026-27785**, **CVE-2026-32644**, **CVE-2026-32649**, **CVE-2026-20766**) * MS-Cxx64-xPD <=51.7.0.77-r12 (**CVE-2026-28747**, **CVE-2026-27785**, **CVE-2026-32644**, **CVE-2026-32649**, **CVE-2026-20766**) * MS-Cxx73-xPD <=51.7.0.77-r12 (**CVE-2026-28747**, **CVE-2026-27785**, **CVE-2026-32644**, **CVE-2026-32649**, **CVE-2026-20766**) * MS-Cxx75-xxPD <=51.7.0.77-r12 (**CVE-2026-28747**, **CVE-2026-27785**, **CVE-2026-32644**, **CVE-2026-32649**, **CVE-2026-20766**) * MS-Cxx83-xPD <=51.7.0.77-r12 (**CVE-2026-28747**, **CVE-2026-27785**, **CVE-2026-32644**, **CVE-2026-32649**, **CVE-2026-20766**) * MS-Cxx74-PA <=3x.8.0.3-r11 (**CVE-2026-28747**, **CVE-2026-27785**, **CVE-2026-32644**, **CVE-2026-32649**, **CVE-2026-20766**) * MS-C8477-HPG1 <=63.8.0.4-r3 (**CVE-2026-28747**, **CVE-2026-27785**, **CVE-2026-32644**, **CVE-2026-32649**, **CVE-2026-20766**) * MS-C8477-PC <=48.8.0.4-r3 (**CVE-2026-28747**, **CVE-2026-27785**, **CVE-2026-32644**, **CVE-2026-32649**, **CVE-2026-20766**) * MS-C5321-FPE <=62.8.0.4-r5 (**CVE-2026-28747**, **CVE-2026-27785**, **CVE-2026-32644**, **CVE-2026-32649**, **CVE-2026-20766**) * MS-Cxx72-xxxPE <=61.8.0.5-r2 (**CVE-2026-28747**, **CVE-2026-27785**, **CVE-2026-32644**, **CVE-2026-32649**, **CVE-2026-20766**) * MS-Cxx62-xxxPE <=61.8.0.5-r2 (**CVE-2026-28747**, **CVE-2026-27785**, **CVE-2026-32644**, **CVE-2026-32649**, **CVE-2026-20766**) * MS-Cxx52-xxxPE <=61.8.0.5-r2 (**CVE-2026-28747**, **CVE-2026-27785**, **CVE-2026-32644**, **CVE-2026-32649**, **CVE-2026-20766**) * MS-Cxx66-xxxPE <=61.8.0.5-r2 (**CVE-2026-28747**, **CVE-2026-27785**, **CVE-2026-32644**, **CVE-2026-32649**, **CVE-2026-20766**) * MS-Cxx66-xxxGPE <=61.8.0.5-r2 (**CVE-2026-28747**, **CVE-2026-27785**, **CVE-2026-32644**, **CVE-2026-32649**, **CVE-2026-20766**) * MS-Cxx61-xxxPE <=61.8.0.5-r2 (**CVE-2026-28747**, **CVE-2026-27785**, **CVE-2026-32644**, **CVE-2026-32649**, **CVE-2026-20766**) * MS-Cxx67-xxxPE <=61.8.0.5-r2 (**CVE-2026-28747**, **CVE-2026-27785**, **CVE-2026-32644**, **CVE-2026-32649**, **CVE-2026-20766**) * MS-Cxx71-xxxPE <=61.8.0.5-r2 (**CVE-2026-28747**, **CVE-2026-27785**, **CVE-2026-32644**, **CVE-2026-32649**, **CVE-2026-20766**) * MS-Cxx41-xxxPE <=61.8.0.5-r2 (**CVE-2026-28747**, **CVE-2026-27785**, **CVE-2026-32644**, **CVE-2026-32649**, **CVE-2026-20766**) * MS-Cxx76-PE <=61.8.0.5-r2 (**CVE-2026-28747**, **CVE-2026-27785**, **CVE-2026-32644**, **CVE-2026-32649**, **CVE-2026-20766**) * MS-Cxx65-PE <=61.8.0.5-r2 (**CVE-2026-28747**, **CVE-2026-27785**, **CVE-2026-32644**, **CVE-2026-32649**, **CVE-2026-20766**) * MS-Cxx66-xxxG1 <=63.8.0.5-r3 (**CVE-2026-28747**, **CVE-2026-27785**, **CVE-2026-32644**, **CVE-2026-32649**, **CVE-2026-20766**) * MS-Cxx62-xxxG1 <=63.8.0.5-r3 (**CVE-2026-28747**, **CVE-2026-27785**, **CVE-2026-32644**, **CVE-2026-32649**, **CVE-2026-20766**) * MS-Cxx72-xxxG1 <=63.8.0.5-r3 (**CVE-2026-28747**, **CVE-2026-27785**, **CVE-2026-32644**, **CVE-2026-32649**, **CVE-2026-20766**) * MS-CQxx31-xxxG1 <=CQ_63.8.0.5-r1 (**CVE-2026-28747**, **CVE-2026-27785**, **CVE-2026-32644**, **CVE-2026-32649**, **CVE-2026-20766**) * MS-CQxx68-xxxG1 <=CQ_63.8.0.5-r1 (**CVE-2026-28747**, **CVE-2026-27785**, **CVE-2026-32644**, **CVE-2026-32649**, **CVE-2026-20766**) * MS-CQxx72-xxxG1 <=CQ_63.8.0.5-r1 (**CVE-2026-28747**, **CVE-2026-27785**, **CVE-2026-32644**, **CVE-2026-32649**, **CVE-2026-20766**) * MS-Nxxxx-NxE <=7x.9.0.19-r5 (**CVE-2026-28747**, **CVE-2026-27785**, **CVE-2026-32644**, **CVE-2026-32649**, **CVE-2026-20766**) * MS-Nxxxx-xxC <=7x.9.0.19-r5 (**CVE-2026-28747**, **CVE-2026-27785**, **CVE-2026-32644**, **CVE-2026-32649**, **CVE-2026-20766**) * MS-Nxxxx-xxE <=7x.9.0.19-r5 (**CVE-2026-28747**, **CVE-2026-27785**, **CVE-2026-32644**, **CVE-2026-32649**, **CVE-2026-20766**) * MS-Nxxxx-xxG <=7x.9.0.19-r5 (**CVE-2026-28747**, **CVE-2026-27785**, **CVE-2026-32644**, **CVE-2026-32649**, **CVE-2026-20766**) * MS-Nxxxx-xxH <=7x.9.0.19-r5 (**CVE-2026-28747**, **CVE-2026-27785**, **CVE-2026-32644**, **CVE-2026-32649**, **CVE-2026-20766**) * MS-Nxxxx-xxT <=7x.9.0.19-r5 (**CVE-2026-28747**, **CVE-2026-27785**, **CVE-2026-32644**, **CVE-2026-32649**, **CVE-2026-20766**) * PMC8266-FPE <=PO_61.8.0.4_LPR (**CVE-2026-28747**, **CVE-2026-27785**, **CVE-2026-32644**, **CVE-2026-32649**, **CVE-2026-20766**) * PMC8266-FGPE <=PO_61.8.0.4_LPR (**CVE-2026-28747**, **CVE-2026-27785**, **CVE-2026-32644**, **CVE-2026-32649**, **CVE-2026-20766**) * PM3322-E <=PI_61.8.0.3_LPR-r3 (**CVE-2026-28747**, **CVE-2026-27785**, **CVE-2026-32644**, **CVE-2026-32649**, **CVE-2026-20766**) * TS4466-X4RIPG1 <=T_63.8.0.4_LPR-r3 (**CVE-2026-28747**, **CVE-2026-27785**, **CVE-2026-32644**, **CVE-2026-32649**, **CVE-2026-20766**) * TS5366-X12RIPG1 <=T_63.8.0.4_LPR-r3 (**CVE-2026-28747**, **CVE-2026-27785**, **CVE-2026-32644**, **CVE-2026-32649**, **CVE-2026-20766**) * TS8266-X4RIPG1 <=T_63.8.0.4_LPR-r3 (**CVE-2026-28747**, **CVE-2026-27785**, **CVE-2026-32644**, **CVE-2026-32649**, **CVE-2026-20766**) * TS4466-X4RIVPG1 <=T_63.8.0.4_LPR-r3 (**CVE-2026-28747**, **CVE-2026-27785**, **CVE-2026-32644**, **CVE-2026-32649**, **CVE-2026-20766**) * TS4466-RFIVPG1 <=T_63.8.0.4_LPR-r3 (**CVE-2026-28747**, **CVE-2026-27785**, **CVE-2026-32644**, **CVE-2026-32649**, **CVE-2026-20766**) * TS8266-X4RIVPG1 <=T_63.8.0.4_LPR-r3 (**CVE-2026-28747**, **CVE-2026-27785**, **CVE-2026-32644**, **CVE-2026-32649**, **CVE-2026-20766**) * TS8266-RFIVPG1 <=T_63.8.0.4_LPR-r3 (**CVE-2026-28747**, **CVE-2026-27785**, **CVE-2026-32644**, **CVE-2026-32649**, **CVE-2026-20766**) * TS4466-X4RIWG1 <=T_63.8.0.4_LPR-r3 (**CVE-2026-28747**, **CVE-2026-27785**, **CVE-2026-32644**, **CVE-2026-32649**, **CVE-2026-20766**) * TS8266-X4RIWG1 <=T_63.8.0.4_LPR-r3 (**CVE-2026-28747**, **CVE-2026-27785**, **CVE-2026-32644**, **CVE-2026-32649**, **CVE-2026-20766**) * TS5510-GVH <=T_47.8.0.4_LPR-r7 (**CVE-2026-28747**, **CVE-2026-27785**, **CVE-2026-32644**, **CVE-2026-32649**, **CVE-2026-20766**) * TS5510-GH <=T_47.8.0.4_LPR-r6 (**CVE-2026-28747**, **CVE-2026-27785**, **CVE-2026-32644**, **CVE-2026-32649**, **CVE-2026-20766**) * TS5511-GVH <=T_47.8.0.4_LPR-r6 (**CVE-2026-28747**, **CVE-2026-27785**, **CVE-2026-32644**, **CVE-2026-32649**, **CVE-2026-20766**) * TS2966-X12TPE <=T_61.8.0.4_LPR-r3 (**CVE-2026-28747**, **CVE-2026-27785**, **CVE-2026-32644**, **CVE-2026-32649**, **CVE-2026-20766**) * TS4466-X4RPE <=T_61.8.0.4_LPR-r3 (**CVE-2026-28747**, **CVE-2026-27785**, **CVE-2026-32644**, **CVE-2026-32649**, **CVE-2026-20766**) * TS5366-X12PE <=T_61.8.0.4_LPR-r3 (**CVE-2026-28747**, **CVE-2026-27785**, **CVE-2026-32644**, **CVE-2026-32649**, **CVE-2026-20766**) * TS8266-X4PE <=T_61.8.0.4_LPR-r3 (**CVE-2026-28747**, **CVE-2026-27785**, **CVE-2026-32644**, **CVE-2026-32649**, **CVE-2026-20766**) * TS2966-X12TVPE <=T_61.8.0.4_LPR-r3 (**CVE-2026-28747**, **CVE-2026-27785**, **CVE-2026-32644**, **CVE-2026-32649**, **CVE-2026-20766**) * TS4466-X4RVPE <=T_61.8.0.4_LPR-r3 (**CVE-2026-28747**, **CVE-2026-27785**, **CVE-2026-32644**, **CVE-2026-32649**, **CVE-2026-20766**) * TS5366-X12VPE <=T_61.8.0.4_LPR-r3 (**CVE-2026-28747**, **CVE-2026-27785**, **CVE-2026-32644**, **CVE-2026-32649**, **CVE-2026-20766**) * TS8266-X4VPE <=T_61.8.0.4_LPR-r3 (**CVE-2026-28747**, **CVE-2026-27785**, **CVE-2026-32644**, **CVE-2026-32649**, **CVE-2026-20766**) * TS4441-X36RPE <=T_61.8.0.4_LPR-r3 (**CVE-2026-28747**, **CVE-2026-27785**, **CVE-2026-32644**, **CVE-2026-32649**, **CVE-2026-20766**) * TS4441-X36RE <=T_61.8.0.4_LPR-r3 (**CVE-2026-28747**, **CVE-2026-27785**, **CVE-2026-32644**, **CVE-2026-32649**, **CVE-2026-20766**) * TS4466-X4RWE <=T_61.8.0.4_LPR-r3 (**CVE-2026-28747**, **CVE-2026-27785**, **CVE-2026-32644**, **CVE-2026-32649**, **CVE-2026-20766**) * TS8266-X4WE <=T_61.8.0.4_LPR-r3 (**CVE-2026-28747**, **CVE-2026-27785**, **CVE-2026-32644**, **CVE-2026-32649**, **CVE-2026-20766**) * MS-C2964-RFLPC <=T_45.8.0.3-r9 (**CVE-2026-28747**, **CVE-2026-27785**, **CVE-2026-32644**, **CVE-2026-32649**, **CVE-2026-20766**) * MS-C2972-RFLPC <=T_45.8.0.3-r9 (**CVE-2026-28747**, **CVE-2026-27785**, **CVE-2026-32644**, **CVE-2026-32649**, **CVE-2026-20766**) * MS-C2966-RFLWPC <=T_45.8.0.3-r9 (**CVE-2026-28747**, **CVE-2026-27785**, **CVE-2026-32644**, **CVE-2026-32649**, **CVE-2026-20766**) * TS2866-X4TPC <=T_45.8.0.3-r9 (**CVE-2026-28747**, **CVE-2026-27785**, **CVE-2026-32644**, **CVE-2026-32649**, **CVE-2026-20766**) * TS2866-X4TVPC <=T_45.8.0.3-r9 (**CVE-2026-28747**, **CVE-2026-27785**, **CVE-2026-32644**, **CVE-2026-32649**, **CVE-2026-20766**) * TS2866-X4TGPC <=T_45.8.0.3-r9 (**CVE-2026-28747**, **CVE-2026-27785**, **CVE-2026-32644**, **CVE-2026-32649**, **CVE-2026-20766**) * TS2841-X36TPC <=T_45.8.0.3-r9 (**CVE-2026-28747**, **CVE-2026-27785**, **CVE-2026-32644**, **CVE-2026-32649**, **CVE-2026-20766**) * TS2841-X36TPC/W <=T_45.8.0.3-r9 (**CVE-2026-28747**, **CVE-2026-27785**, **CVE-2026-32644**, **CVE-2026-32649**, **CVE-2026-20766**) * TS2867-X5TPC <=T_45.8.0.3-r9 (**CVE-2026-28747**, **CVE-2026-27785**, **CVE-2026-32644**, **CVE-2026-32649**, **CVE-2026-20766**) * TS2961-X12TPC <=T_45.8.0.3-r9 (**CVE-2026-28747**, **CVE-2026-27785**, **CVE-2026-32644**, **CVE-2026-32649**, **CVE-2026-20766**) * TS8266-FPC/P <=T_45.8.0.3-r9 (**CVE-2026-28747**, **CVE-2026-27785**, **CVE-2026-32644**, **CVE-2026-32649**, **CVE-2026-20766**) * MS-C2966-X12RLPC <=T_45.8.0.3-r9 (**CVE-2026-28747**, **CVE-2026-27785**, **CVE-2026-32644**, **CVE-2026-32649**, **CVE-2026-20766**) * MS-C2966-X12RLVPC <=T_45.8.0.3-r9 (**CVE-2026-28747**, **CVE-2026-27785**, **CVE-2026-32644**, **CVE-2026-32649**, **CVE-2026-20766**) * MS-C5366-X12LPC <=T_45.8.0.3-r9 (**CVE-2026-28747**, **CVE-2026-27785**, **CVE-2026-32644**, **CVE-2026-32649**, **CVE-2026-20766**) * MS-C5366-X12LVPC <=T_45.8.0.3-r9 (**CVE-2026-28747**, **CVE-2026-27785**, **CVE-2026-32644**, **CVE-2026-32649**, **CVE-2026-20766**) * MS-C5361-X12LPC <=T_45.8.0.3-r9 (**CVE-2026-28747**, **CVE-2026-27785**, **CVE-2026-32644**, **CVE-2026-32649**, **CVE-2026-20766**) * MS-Cxx66-xxxxGOPC <=45.8.0.2-AIoT-r4 (**CVE-2026-28747**, **CVE-2026-27785**, **CVE-2026-32644**, **CVE-2026-32649**, **CVE-2026-20766**) * SC211 <=C_21.1.0.8-r4 (**CVE-2026-28747**, **CVE-2026-27785**, **CVE-2026-32644**, **CVE-2026-32649**, **CVE-2026-20766**) * SP111 <=52.8.0.4-r5 (**CVE-2026-28747**, **CVE-2026-27785**, **CVE-2026-32644**, **CVE-2026-32649**, **CVE-2026-20766**) * MS-Cxx66-RFI These vulnerabilities, if exploited, could allow attackers to: * **Crash the device:** Causing disruption of service and potential data loss. * **Execute arbitrary code remotely:** Gaining complete control over the affected camera, potentially leading to further network compromise. ## Recommendations Users of the affected **Milesight** camera models are strongly advised to: * **Update Firmware:** Check for and install the latest firmware updates from **Milesight** as soon as they become available. This is the primary method for patching these vulnerabilities. * **Network Segmentation:** Isolate camera networks from other critical systems to limit the potential impact of a successful exploit. * **Strong Passwords:** Ensure all cameras are configured with strong, unique passwords. * **Monitor Network Traffic:** Implement network monitoring to detect any suspicious activity originating from the cameras. Organizations relying on **Milesight** cameras for security should prioritize patching and mitigation to prevent potential exploitation. [View CSAF](https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-113-03.json)

📡 Intelligence Feed

Multiple Vulnerabilities Plague Milesight Cameras, Remote Code Execution Possible

✏️ Edit Article