Múltiplas Vulnerabilidades Afetam Câmeras Milesight, Possível Execução Remota de Código

Um número significativo de vulnerabilidades foi identificado em vários modelos de câmeras **Milesight**. A exploração bem-sucedida pode levar a travamentos do dispositivo ou, mais criticamente, à execução remota de código (RCE).

2026-05-07T06:04:38

## Vulnerabilidades em Câmeras Milesight: Uma Análise Profunda Múltiplas vulnerabilidades foram descobertas em uma ampla gama de modelos de câmeras **Milesight**, permitindo potencialmente que atacantes comprometam dispositivos remotamente. Essas vulnerabilidades, detalhadas no relatório **CSAF**, afetam inúmeros modelos de câmeras e versões de firmware. As versões de câmeras **Milesight** afetadas incluem: * MS-Cxx63-PD <=51.7.0.77-r12 (**CVE-2026-28747**, **CVE-2026-27785**, **CVE-2026-32644**, **CVE-2026-32649**, **CVE-2026-20766**) * MS-Cxx64-xPD <=51.7.0.77-r12 (**CVE-2026-28747**, **CVE-2026-27785**, **CVE-2026-32644**, **CVE-2026-32649**, **CVE-2026-20766**) * MS-Cxx73-xPD <=51.7.0.77-r12 (**CVE-2026-28747**, **CVE-2026-27785**, **CVE-2026-32644**, **CVE-2026-32649**, **CVE-2026-20766**) * MS-Cxx75-xxPD <=51.7.0.77-r12 (**CVE-2026-28747**, **CVE-2026-27785**, **CVE-2026-32644**, **CVE-2026-32649**, **CVE-2026-20766**) * MS-Cxx83-xPD <=51.7.0.77-r12 (**CVE-2026-28747**, **CVE-2026-27785**, **CVE-2026-32644**, **CVE-2026-32649**, **CVE-2026-20766**) * MS-Cxx74-PA <=3x.8.0.3-r11 (**CVE-2026-28747**, **CVE-2026-27785**, **CVE-2026-32644**, **CVE-2026-32649**, **CVE-2026-20766**) * MS-C8477-HPG1 <=63.8.0.4-r3 (**CVE-2026-28747**, **CVE-2026-27785**, **CVE-2026-32644**, **CVE-2026-32649**, **CVE-2026-20766**) * MS-C8477-PC <=48.8.0.4-r3 (**CVE-2026-28747**, **CVE-2026-27785**, **CVE-2026-32644**, **CVE-2026-32649**, **CVE-2026-20766**) * MS-C5321-FPE <=62.8.0.4-r5 (**CVE-2026-28747**, **CVE-2026-27785**, **CVE-2026-32644**, **CVE-2026-32649**, **CVE-2026-20766**) * MS-Cxx72-xxxPE <=61.8.0.5-r2 (**CVE-2026-28747**, **CVE-2026-27785**, **CVE-2026-32644**, **CVE-2026-32649**, **CVE-2026-20766**) * MS-Cxx62-xxxPE <=61.8.0.5-r2 (**CVE-2026-28747**, **CVE-2026-27785**, **CVE-2026-32644**, **CVE-2026-32649**, **CVE-2026-20766**) * MS-Cxx52-xxxPE <=61.8.0.5-r2 (**CVE-2026-28747**, **CVE-2026-27785**, **CVE-2026-32644**, **CVE-2026-32649**, **CVE-2026-20766**) * MS-Cxx66-xxxPE <=61.8.0.5-r2 (**CVE-2026-28747**, **CVE-2026-27785**, **CVE-2026-32644**, **CVE-2026-32649**, **CVE-2026-20766**) * MS-Cxx66-xxxGPE <=61.8.0.5-r2 (**CVE-2026-28747**, **CVE-2026-27785**, **CVE-2026-32644**, **CVE-2026-32649**, **CVE-2026-20766**) * MS-Cxx61-xxxPE <=61.8.0.5-r2 (**CVE-2026-28747**, **CVE-2026-27785**, **CVE-2026-32644**, **CVE-2026-32649**, **CVE-2026-20766**) * MS-Cxx67-xxxPE <=61.8.0.5-r2 (**CVE-2026-28747**, **CVE-2026-27785**, **CVE-2026-32644**, **CVE-2026-32649**, **CVE-2026-20766**) * MS-Cxx71-xxxPE <=61.8.0.5-r2 (**CVE-2026-28747**, **CVE-2026-27785**, **CVE-2026-32644**, **CVE-2026-32649**, **CVE-2026-20766**) * MS-Cxx41-xxxPE <=61.8.0.5-r2 (**CVE-2026-28747**, **CVE-2026-27785**, **CVE-2026-32644**, **CVE-2026-32649**, **CVE-2026-20766**) * MS-Cxx76-PE <=61.8.0.5-r2 (**CVE-2026-28747**, **CVE-2026-27785**, **CVE-2026-32644**, **CVE-2026-32649**, **CVE-2026-20766**) * MS-Cxx65-PE <=61.8.0.5-r2 (**CVE-2026-28747**, **CVE-2026-27785**, **CVE-2026-32644**, **CVE-2026-32649**, **CVE-2026-20766**) * MS-Cxx66-xxxG1 <=63.8.0.5-r3 (**CVE-2026-28747**, **CVE-2026-27785**, **CVE-2026-32644**, **CVE-2026-32649**, **CVE-2026-20766**) * MS-Cxx62-xxxG1 <=63.8.0.5-r3 (**CVE-2026-28747**, **CVE-2026-27785**, **CVE-2026-32644**, **CVE-2026-32649**, **CVE-2026-20766**) * MS-Cxx72-xxxG1 <=63.8.0.5-r3 (**CVE-2026-28747**, **CVE-2026-27785**, **CVE-2026-32644**, **CVE-2026-32649**, **CVE-2026-20766**) * MS-CQxx31-xxxG1 <=CQ_63.8.0.5-r1 (**CVE-2026-28747**, **CVE-2026-27785**, **CVE-2026-32644**, **CVE-2026-32649**, **CVE-2026-20766**) * MS-CQxx68-xxxG1 <=CQ_63.8.0.5-r1 (**CVE-2026-28747**, **CVE-2026-27785**, **CVE-2026-32644**, **CVE-2026-32649**, **CVE-2026-20766**) * MS-CQxx72-xxxG1 <=CQ_63.8.0.5-r1 (**CVE-2026-28747**, **CVE-2026-27785**, **CVE-2026-32644**, **CVE-2026-32649**, **CVE-2026-20766**) * MS-Nxxxx-NxE <=7x.9.0.19-r5 (**CVE-2026-28747**, **CVE-2026-27785**, **CVE-2026-32644**, **CVE-2026-32649**, **CVE-2026-20766**) * MS-Nxxxx-xxC <=7x.9.0.19-r5 (**CVE-2026-28747**, **CVE-2026-27785**, **CVE-2026-32644**, **CVE-2026-32649**, **CVE-2026-20766**) * MS-Nxxxx-xxE <=7x.9.0.19-r5 (**CVE-2026-28747**, **CVE-2026-27785**, **CVE-2026-32644**, **CVE-2026-32649**, **CVE-2026-20766**) * MS-Nxxxx-xxG <=7x.9.0.19-r5 (**CVE-2026-28747**, **CVE-2026-27785**, **CVE-2026-32644**, **CVE-2026-32649**, **CVE-2026-20766**) * MS-Nxxxx-xxH <=7x.9.0.19-r5 (**CVE-2026-28747**, **CVE-2026-27785**, **CVE-2026-32644**, **CVE-2026-32649**, **CVE-2026-20766**) * MS-Nxxxx-xxT <=7x.9.0.19-r5 (**CVE-2026-28747**, **CVE-2026-27785**, **CVE-2026-32644**, **CVE-2026-32649**, **CVE-2026-20766**) * PMC8266-FPE <=PO_61.8.0.4_LPR (**CVE-2026-28747**, **CVE-2026-27785**, **CVE-2026-32644**, **CVE-2026-32649**, **CVE-2026-20766**) * PMC8266-FGPE <=PO_61.8.0.4_LPR (**CVE-2026-28747**, **CVE-2026-27785**, **CVE-2026-32644**, **CVE-2026-32649**, **CVE-2026-20766**) * PM3322-E <=PI_61.8.0.3_LPR-r3 (**CVE-2026-28747**, **CVE-2026-27785**, **CVE-2026-32644**, **CVE-2026-32649**, **CVE-2026-20766**) * TS4466-X4RIPG1 <=T_63.8.0.4_LPR-r3 (**CVE-2026-28747**, **CVE-2026-27785**, **CVE-2026-32644**, **CVE-2026-32649**, **CVE-2026-20766**) * TS5366-X12RIPG1 <=T_63.8.0.4_LPR-r3 (**CVE-2026-28747**, **CVE-2026-27785**, **CVE-2026-32644**, **CVE-2026-32649**, **CVE-2026-20766**) * TS8266-X4RIPG1 <=T_63.8.0.4_LPR-r3 (**CVE-2026-28747**, **CVE-2026-27785**, **CVE-2026-32644**, **CVE-2026-32649**, **CVE-2026-20766**) * TS4466-X4RIVPG1 <=T_63.8.0.4_LPR-r3 (**CVE-2026-28747**, **CVE-2026-27785**, **CVE-2026-32644**, **CVE-2026-32649**, **CVE-2026-20766**) * TS4466-RFIVPG1 <=T_63.8.0.4_LPR-r3 (**CVE-2026-28747**, **CVE-2026-27785**, **CVE-2026-32644**, **CVE-2026-32649**, **CVE-2026-20766**) * TS8266-X4RIVPG1 <=T_63.8.0.4_LPR-r3 (**CVE-2026-28747**, **CVE-2026-27785**, **CVE-2026-32644**, **CVE-2026-32649**, **CVE-2026-20766**) * TS8266-RFIVPG1 <=T_63.8.0.4_LPR-r3 (**CVE-2026-28747**, **CVE-2026-27785**, **CVE-2026-32644**, **CVE-2026-32649**, **CVE-2026-20766**) * TS4466-X4RIWG1 <=T_63.8.0.4_LPR-r3 (**CVE-2026-28747**, **CVE-2026-27785**, **CVE-2026-32644**, **CVE-2026-32649**, **CVE-2026-20766**) * TS8266-X4RIWG1 <=T_63.8.0.4_LPR-r3 (**CVE-2026-28747**, **CVE-2026-27785**, **CVE-2026-32644**, **CVE-2026-32649**, **CVE-2026-20766**) * TS5510-GVH <=T_47.8.0.4_LPR-r7 (**CVE-2026-28747**, **CVE-2026-27785**, **CVE-2026-32644**, **CVE-2026-32649**, **CVE-2026-20766**) * TS5510-GH <=T_47.8.0.4_LPR-r6 (**CVE-2026-28747**, **CVE-2026-27785**, **CVE-2026-32644**, **CVE-2026-32649**, **CVE-2026-20766**) * TS5511-GVH <=T_47.8.0.4_LPR-r6 (**CVE-2026-28747**, **CVE-2026-27785**, **CVE-2026-32644**, **CVE-2026-32649**, **CVE-2026-20766**) * TS2966-X12TPE <=T_61.8.0.4_LPR-r3 (**CVE-2026-28747**, **CVE-2026-27785**, **CVE-2026-32644**, **CVE-2026-32649**, **CVE-2026-20766**) * TS4466-X4RPE <=T_61.8.0.4_LPR-r3 (**CVE-2026-28747**, **CVE-2026-27785**, **CVE-2026-32644**, **CVE-2026-32649**, **CVE-2026-20766**) * TS5366-X12PE <=T_61.8.0.4_LPR-r3 (**CVE-2026-28747**, **CVE-2026-27785**, **CVE-2026-32644**, **CVE-2026-32649**, **CVE-2026-20766**) * TS8266-X4PE <=T_61.8.0.4_LPR-r3 (**CVE-2026-28747**, **CVE-2026-27785**, **CVE-2026-32644**, **CVE-2026-32649**, **CVE-2026-20766**) * TS2966-X12TVPE <=T_61.8.0.4_LPR-r3 (**CVE-2026-28747**, **CVE-2026-27785**, **CVE-2026-32644**, **CVE-2026-32649**, **CVE-2026-20766**) * TS4466-X4RVPE <=T_61.8.0.4_LPR-r3 (**CVE-2026-28747**, **CVE-2026-27785**, **CVE-2026-32644**, **CVE-2026-32649**, **CVE-2026-20766**) * TS5366-X12VPE <=T_61.8.0.4_LPR-r3 (**CVE-2026-28747**, **CVE-2026-27785**, **CVE-2026-32644**, **CVE-2026-32649**, **CVE-2026-20766**) * TS8266-X4VPE <=T_61.8.0.4_LPR-r3 (**CVE-2026-28747**, **CVE-2026-27785**, **CVE-2026-32644**, **CVE-2026-32649**, **CVE-2026-20766**) * TS4441-X36RPE <=T_61.8.0.4_LPR-r3 (**CVE-2026-28747**, **CVE-2026-27785**, **CVE-2026-32644**, **CVE-2026-32649**, **CVE-2026-20766**) * TS4441-X36RE <=T_61.8.0.4_LPR-r3 (**CVE-2026-28747**, **CVE-2026-27785**, **CVE-2026-32644**, **CVE-2026-32649**, **CVE-2026-20766**) * TS4466-X4RWE <=T_61.8.0.4_LPR-r3 (**CVE-2026-28747**, **CVE-2026-27785**, **CVE-2026-32644**, **CVE-2026-32649**, **CVE-2026-20766**) * TS8266-X4WE <=T_61.8.0.4_LPR-r3 (**CVE-2026-28747**, **CVE-2026-27785**, **CVE-2026-32644**, **CVE-2026-32649**, **CVE-2026-20766**) * MS-C2964-RFLPC <=T_45.8.0.3-r9 (**CVE-2026-28747**, **CVE-2026-27785**, **CVE-2026-32644**, **CVE-2026-32649**, **CVE-2026-20766**) * MS-C2972-RFLPC <=T_45.8.0.3-r9 (**CVE-2026-28747**, **CVE-2026-27785**, **CVE-2026-32644**, **CVE-2026-32649**, **CVE-2026-20766**) * MS-C2966-RFLWPC <=T_45.8.0.3-r9 (**CVE-2026-28747**, **CVE-2026-27785**, **CVE-2026-32644**, **CVE-2026-32649**, **CVE-2026-20766**) * TS2866-X4TPC <=T_45.8.0.3-r9 (**CVE-2026-28747**, **CVE-2026-27785**, **CVE-2026-32644**, **CVE-2026-32649**, **CVE-2026-20766**) * TS2866-X4TVPC <=T_45.8.0.3-r9 (**CVE-2026-28747**, **CVE-2026-27785**, **CVE-2026-32644**, **CVE-2026-32649**, **CVE-2026-20766**) * TS2866-X4TGPC <=T_45.8.0.3-r9 (**CVE-2026-28747**, **CVE-2026-27785**, **CVE-2026-32644**, **CVE-2026-32649**, **CVE-2026-20766**) * TS2841-X36TPC <=T_45.8.0.3-r9 (**CVE-2026-28747**, **CVE-2026-27785**, **CVE-2026-32644**, **CVE-2026-32649**, **CVE-2026-20766**) * TS2841-X36TPC/W <=T_45.8.0.3-r9 (**CVE-2026-28747**, **CVE-2026-27785**, **CVE-2026-32644**, **CVE-2026-32649**, **CVE-2026-20766**) * TS2867-X5TPC <=T_45.8.0.3-r9 (**CVE-2026-28747**, **CVE-2026-27785**, **CVE-2026-32644**, **CVE-2026-32649**, **CVE-2026-20766**) * TS2961-X12TPC <=T_45.8.0.3-r9 (**CVE-2026-28747**, **CVE-2026-27785**, **CVE-2026-32644**, **CVE-2026-32649**, **CVE-2026-20766**) * TS8266-FPC/P <=T_45.8.0.3-r9 (**CVE-2026-28747**, **CVE-2026-27785**, **CVE-2026-32644**, **CVE-2026-32649**, **CVE-2026-20766**) * MS-C2966-X12RLPC <=T_45.8.0.3-r9 (**CVE-2026-28747**, **CVE-2026-27785**, **CVE-2026-32644**, **CVE-2026-32649**, **CVE-2026-20766**) * MS-C2966-X12RLVPC <=T_45.8.0.3-r9 (**CVE-2026-28747**, **CVE-2026-27785**, **CVE-2026-32644**, **CVE-2026-32649**, **CVE-2026-20766**) * MS-C5366-X12LPC <=T_45.8.0.3-r9 (**CVE-2026-28747**, **CVE-2026-27785**, **CVE-2026-32644**, **CVE-2026-32649**, **CVE-2026-20766**) * MS-C5366-X12LVPC <=T_45.8.0.3-r9 (**CVE-2026-28747**, **CVE-2026-27785**, **CVE-2026-32644**, **CVE-2026-32649**, **CVE-2026-20766**) * MS-C5361-X12LPC <=T_45.8.0.3-r9 (**CVE-2026-28747**, **CVE-2026-27785**, **CVE-2026-32644**, **CVE-2026-32649**, **CVE-2026-20766**) * MS-Cxx66-xxxxGOPC <=45.8.0.2-AIoT-r4 (**CVE-2026-28747**, **CVE-2026-27785**, **CVE-2026-32644**, **CVE-2026-32649**, **CVE-2026-20766**) * SC211 <=C_21.1.0.8-r4 (**CVE-2026-28747**, **CVE-2026-27785**, **CVE-2026-32644**, **CVE-2026-32649**, **CVE-2026-20766**) * SP111 <=52.8.0.4-r5 (**CVE-2026-28747**, **CVE-2026-27785**, **CVE-2026-32644**, **CVE-2026-32649**, **CVE-2026-20766**) * MS-Cxx66-RFI Essas vulnerabilidades, se exploradas, podem permitir que atacantes: * **Travem o dispositivo:** Causando interrupção do serviço e potencial perda de dados. * **Executem código arbitrário remotamente:** Obtendo controle total sobre a câmera afetada, o que pode levar a um comprometimento adicional da rede. ## Recomendações Usuários dos modelos de câmeras **Milesight** afetados são fortemente aconselhados a: * **Atualizar o Firmware:** Verificar e instalar as atualizações de firmware mais recentes da **Milesight** assim que estiverem disponíveis. Este é o principal método para corrigir essas vulnerabilidades. * **Segmentação de Rede:** Isolar as redes das câmeras de outros sistemas críticos para limitar o impacto potencial de uma exploração bem-sucedida. * **Senhas Fortes:** Garantir que todas as câmeras sejam configuradas com senhas fortes e exclusivas. * **Monitorar o Tráfego de Rede:** Implementar monitoramento de rede para detectar qualquer atividade suspeita originada das câmeras. Organizações que dependem de câmeras **Milesight** para segurança devem priorizar a aplicação de patches e a mitigação para prevenir a exploração potencial. [Ver CSAF](https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-113-03.json)

📡 Intelligence Feed

Múltiplas Vulnerabilidades Afetam Câmeras Milesight, Possível Execução Remota de Código

✏️ Edit Article