Milesight — Vulnerabilities & Security Advisories (91)

Browse all 91 CVE security advisories affecting Milesight. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Milesight operates primarily in the Internet of Things sector, manufacturing IoT sensors, gateways, and video surveillance equipment for industrial and commercial applications. Security analysis reveals a significant vulnerability footprint, with 91 Common Vulnerabilities and Exposures (CVEs) currently documented. These flaws predominantly involve remote code execution, cross-site scripting, and privilege escalation, often stemming from inadequate input validation and weak authentication mechanisms in web interfaces. The company’s firmware and web management consoles have repeatedly exhibited insecure default configurations, allowing unauthorized access to sensitive device settings. While specific large-scale public breaches are not widely reported, the high volume of disclosed CVEs indicates systemic weaknesses in the development lifecycle. Users must prioritize regular firmware updates and network segmentation to mitigate risks associated with these known exploitable defects in their IoT infrastructure.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-20766 | Milesight Cameras Heap-based Buffer Overflow — MS-Cxx63-PD CWE-122 | 8.8 | High | 2026-04-27 |
| CVE-2026-32649 | Milesight Cameras OS Command Injection — MS-Cxx63-PD CWE-78 | 6.8 | Medium | 2026-04-27 |
| CVE-2026-32644 | Milesight Cameras Use of Hard-coded Cryptographic Key — MS-Cxx63-PD CWE-321 | 9.8 | Critical | 2026-04-27 |
| CVE-2026-27785 | Milesight Cameras Use of Hard-coded Credentials — MS-Cxx63-PD CWE-798 | 8.8 | High | 2026-04-27 |
| CVE-2026-28747 | Milesight Cameras Authorization Bypass Through User-Controlled Key — MS-Cxx63-PD CWE-639 | 7.1 | High | 2026-04-27 |
| CVE-2025-4043 | Milesight UG65-868M-EA Improper Access Control for Volatile Memory Containing Boot Code — UG65-868M-EA CWE-1274 | 6.8 | Medium | 2025-05-07 |
| CVE-2024-36392 | MileSight DeviceHub - CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') — DeviceHub CWE-79 | 6.1 | Medium | 2024-06-02 |
| CVE-2024-36391 | MileSight DeviceHub - CWE-320: Key Management Errors — DeviceHub CWE-320 | 9.1 | Critical | 2024-06-02 |
| CVE-2024-36390 | MileSight DeviceHub - CWE-20 Improper Input Validation — DeviceHub CWE-20 | 7.5 | High | 2024-06-02 |
| CVE-2024-36389 | MileSight DeviceHub - CWE-330 Use of Insufficiently Random Values — DeviceHub CWE-330 | 9.8 | Critical | 2024-06-02 |
| CVE-2024-36388 | MileSight DeviceHub - CWE-305 Missing Authentication for Critical Function — DeviceHub CWE-305 | 10.0 | Critical | 2024-06-02 |
| CVE-2024-27776 | MileSight DeviceHub - CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') — DeviceHub CWE-22 | 9.8 | Critical | 2024-06-02 |
| CVE-2023-47166 | Milesight UR32L Authorization Issue Vulnerability — UR32L CWE-285 | 8.8 | High | 2024-05-01 |
| CVE-2023-23550 | Milesight UR32L OS Command Injection Vulnerability — UR32L CWE-77 | 7.2 | High | 2023-07-06 |
| CVE-2023-23571 | Milesight UR32L Security Vulnerability — UR32L CWE-126 | 7.5 | High | 2023-07-06 |
| CVE-2023-23547 | Milesight UR32L Path Traversal Vulnerability — UR32L CWE-22 | 6.5 | Medium | 2023-07-06 |
| CVE-2023-22306 | Milesight UR32L Command Injection Vulnerability — UR32L CWE-77 | 7.2 | High | 2023-07-06 |
| CVE-2023-23902 | Milesight UR32L Security Vulnerability — UR32L CWE-121 | 9.8 | Critical | 2023-07-06 |
| CVE-2023-22659 | Milesight UR32L OS Command Injection Vulnerability — UR32L CWE-77 | 7.2 | High | 2023-07-06 |
| CVE-2023-23907 | Milesight VPN Path Traversal Vulnerability — MilesightVPN CWE-22 | 7.5 | High | 2023-07-06 |
| CVE-2023-22319 | Milesight VPN SQL Injection Vulnerability — MilesightVPN CWE-89 | 7.3 | High | 2023-07-06 |
| CVE-2023-22844 | Milesight VPN Security Vulnerability — MilesightVPN CWE-321 | 7.3 | High | 2023-07-06 |
| CVE-2023-22371 | Milesight VPN OS Command Injection Vulnerability — MilesightVPN CWE-77 | 8.1 | High | 2023-07-06 |
| CVE-2023-24496 | Milesight VPN Security Vulnerability — MilesightVPN CWE-80 | 4.7 | Medium | 2023-07-06 |
| CVE-2023-24497 | Milesight VPN Security Vulnerability — MilesightVPN CWE-80 | 4.7 | Medium | 2023-07-06 |
| CVE-2023-23546 | Milesight UR32L Trust Management Issue Vulnerability — UR32L CWE-295 | 4.2 | Medium | 2023-07-06 |
| CVE-2023-24583 | Milesight UR32L Command Injection Vulnerability — UR32L CWE-77 | 8.8 | High | 2023-07-06 |
| CVE-2023-24519 | Milesight UR32L OS Command Injection Vulnerability — UR32L CWE-77 | 8.8 | High | 2023-07-06 |
| CVE-2023-24520 | Milesight UR32L OS Command Injection Vulnerability — UR32L CWE-77 | 8.8 | High | 2023-07-06 |
| CVE-2023-24582 | Milesight UR32L OS Command Injection Vulnerability — UR32L CWE-77 | 8.8 | High | 2023-07-06 |

This page lists every published CVE security advisory associated with Milesight. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.