Critical Vulnerabilities in Milesight Cameras Expose Devices to Remote Code Execution and Crashes

What happened

In April 2026, the Cybersecurity and Infrastructure Security Agency (CISA) released a comprehensive advisory detailing multiple critical vulnerabilities impacting various models of Milesight surveillance cameras. These flaws, tracked under CVE identifiers CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, and CVE-2026-20766, could be exploited remotely to cause device crashes or enable remote code execution (RCE). Such exploits pose significant risks to security and privacy, as attackers may gain unauthorized control over surveillance devices.

This article merges information from the official CISA advisory and other corroborating sources to provide a full picture of the threat, affected products, and mitigation strategies.

Confirmed facts

• Vulnerabilities Identified: Multiple security weaknesses in the firmware of Milesight cameras allow attackers to crash devices or execute arbitrary code remotely.
• Affected Versions: Firmware versions up to 51.7.0.77-r12 and similar versions across dozens of camera models are impacted. This includes popular models such as MS-Cxx63-PD, MS-Cxx64-xPD, MS-C8477-HPG1, MS-C5321-FPE, MS-Nxxxx series, and PMC8266-FPE among others.
• Impact: Successful exploitation can lead to denial of service (device crash) or full remote compromise, enabling attackers to manipulate camera functions, intercept video feeds, or pivot into broader network environments.
• Disclosure Date: The vulnerabilities were publicly disclosed on April 23, 2026.
• Vendor Response: Milesight has released firmware updates addressing these vulnerabilities. Users are urged to upgrade immediately.

Who is affected

• Organizations and Individuals Using Milesight Cameras: Any entity deploying the affected camera models with vulnerable firmware versions is at risk.
• Critical Infrastructure and Enterprises: Surveillance systems in sensitive environments such as corporate offices, manufacturing plants, and critical infrastructure could be targeted.
• Home Users: Residential customers using vulnerable Milesight cameras may face privacy invasions or device disruptions.

What to do now

1. Identify Affected Devices: Check your Milesight camera models and firmware versions against the list of affected versions provided by CISA.
2. Apply Firmware Updates: Download and install the latest firmware updates from the official Milesight website or authorized distributors immediately.
3. Isolate Vulnerable Devices: If immediate patching is not possible, isolate the cameras from public internet access and restrict network connectivity.
4. Monitor Network Traffic: Watch for unusual activity from cameras, including unexpected outbound connections or erratic behavior.
5. Review Access Controls: Ensure strong authentication mechanisms are in place for camera management interfaces.

How to secure yourself

• Regular Firmware Maintenance: Establish a routine to check for and apply firmware updates for all IoT and surveillance devices.
• Network Segmentation: Place cameras on segmented networks separate from critical systems to limit lateral movement in case of compromise.
• Use VPNs and Encrypted Channels: Access cameras remotely only through secure VPNs or encrypted tunnels.
• Strong Password Policies: Avoid default credentials; use complex, unique passwords and enable multi-factor authentication if supported.
• Disable Unnecessary Services: Turn off any camera features or services that are not required to reduce attack surface.

2026 update

The 2026 disclosures highlight an increasing trend of vulnerabilities in IoT and surveillance devices, emphasizing the need for proactive security management. Milesight's prompt firmware patches demonstrate improved vendor responsiveness compared to past years. However, the broad range of affected models and versions indicates legacy devices remain a persistent risk. Moving forward, organizations should prioritize lifecycle management and consider device replacement strategies for unsupported hardware.

FAQ

Are all Milesight cameras affected by these vulnerabilities?

No, only specific models and firmware versions listed in the advisory are affected. Users must verify their devices against the official list.

Can these vulnerabilities be exploited remotely without authentication?

Yes, some of the vulnerabilities allow unauthenticated remote attackers to execute code or crash devices.

What are the risks if my camera is compromised?

Attackers could disrupt surveillance, access live video feeds, manipulate device settings, or use the camera as a foothold to attack other network assets.

How do I check my camera’s firmware version?

Firmware versions can typically be found in the camera’s web interface under system or device information sections.

Where can I download the firmware updates?

Updates are available on the official Milesight website or through authorized support channels.

What if I cannot update the firmware immediately?

Isolate the device from external networks, restrict access, and monitor for suspicious activity until you can patch.

Are there any indicators of compromise I should look for?

Unusual device reboots, unexpected network traffic, or changes in camera behavior may indicate compromise.

Does Milesight provide multi-factor authentication?

Some models support enhanced authentication features; consult the product documentation.

How often should I update my IoT devices?

Regularly check for updates at least quarterly or whenever security advisories are released.

Can attackers use these vulnerabilities to access my home network?

If cameras are on the same network as other devices, attackers may pivot from compromised cameras to other systems.

Why this matters

Milesight cameras are widely deployed for security and surveillance in both enterprise and residential settings. The disclosed vulnerabilities represent a high-risk attack vector that could undermine physical security and privacy. With the increasing integration of IoT devices into critical infrastructure, such flaws can have cascading impacts beyond the immediate device. Timely patching and robust security practices are essential to prevent exploitation and protect sensitive environments.

Sources and corroboration

This article is based on the official CISA advisory ICSA-26-113-03 released on April 23, 2026, which details the vulnerabilities and affected Milesight camera models. Additional corroboration comes from vendor firmware release notes and independent cybersecurity analyses confirming the severity and exploitability of these flaws.

• https://www.cisa.gov/news-events/ics-advisories/icsa-26-113-03

---

Tags: [Milesight Cameras, IoT Security, Remote Code Execution, CVE-2026-28747, CVE-2026-27785, Firmware Vulnerabilities, Cybersecurity, Surveillance Camera Security]

Source URLs: [https://www.cisa.gov/news-events/ics-advisories/icsa-26-113-03]