Weak Key Generation Vulnerability in Milesight AIOT Cameras
CVE-2026-28747

7.3HIGH

Key Information:

Vendor: Milesight
Status: Ms-cxx63-pd; Ms-cxx64-xpd; Ms-cxx73-xpd; Ms-cxx75-xxpd
Vendor: CVE Published:; 27 April 2026

What is CVE-2026-28747?

A weak key generation vulnerability has been identified in certain firmware versions of Milesight AIOT cameras, enabling potential bypass of authentication measures. This could allow unauthorized users to gain access to the camera systems, leading to possible security breaches. Ensuring firmware is updated to the latest version is essential for maintaining system integrity and protection against unauthorized access.

Affected Version(s)

MS-C2964-RFLPC 0

MS-C2966-RFLWPC 0

MS-C2966-X12RLPC 0

References

https://www.cisa.gov/news-events/ics-advisories/icsa-26-1...

https://github.com/cisagov/CSAF/blob/develop/csaf_files/O...

https://www.milesight.com/support/download/firmware

CVSS V4

Score:

7.3

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

High

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 27, 2026
Vulnerability Reserved
Mar 12, 2026

Credit

Souvik Kandar reported these vulnerabilities to CISA

CVE-2026-28747 Data

JSON