# Vulnerability Summary: Milesight Cameras ## Vulnerability Overview * **Release Date**: April 23, 2026 * **Alert Code**: ICSA-26-113-03 * **CVSS Score**: 9.8 (Critical) * **Risk Description**: Successful exploitation of these vulnerabilities may lead to device crashes or allow remote code execution. * **Vulnerability Types**: * Authorization bypass via user-controlled keys * Use of hardcoded credentials * Use of hardcoded encryption keys * Operating system command injection * Stack buffer overflow ## Affected Scope The affected devices are **Milesight Cameras**, with firmware versions meeting the following conditions (partial examples): * MS-Cxx63-PD <= 51.7.0.77-r12 * MS-Cxx64-xPMD <= 51.7.0.77-r12 * MS-C8477-HPG1 <= 63.8.0.4-r3 * MS-C5321-FPE <= 62.8.0.4-r5 * MS-Cxx72-xxPE <= 61.8.0.5-r2 * MS-Cxx62-xxxG1 <= 63.8.0.5-r3 * MS-CQxx31-xxxG1 <= CQ_63.8.0.5-r1 * MS-Nxxxx-xxE <= 7x.9.0.19-r5 * PMC8266-FPE <= PO_61.8.0.4_LPR-r3 * TS4466-X4RIPG1 <= T_63.8.0.4_LPR-r3 * TS5510-GVH <= T_47.8.0.4_LPR-r7 * TS2966-X12TPE <= T_61.8.0.4_LPR-r3 * TS4441-X36RPE <= T_61.8.0.4_LPR-r3 * MS-C2964-RFLPC <= T_45.8.0.3-r9 * TS2866-X4TPC <= T_45.8.0.3-r9 * MS-C2966-X12RLPC <= T_45.8.0.3-r9 * MS-Cxx66-xxxxGOPC <= 45.8.0.2-AIoT-r4 * SC111 <= C_21.1.0.8-r4 * SP111 <= 52.8.0.4-r5 * MS-Cxx66-RFIPKG1 <= 63.8.0.4-r1-NX * MS-Cxx72-RFIPKG1 <= 63.8.0.4-r1-NX ## Remediation * The page does not provide specific patch download links or version upgrade guidance. * It is recommended to refer to the official security updates released by the manufacturer (Milesight) to remediate the vulnerabilities. ## POC/Exploit Code * The page does not contain specific POC code or exploit code.