CVE-2026-27785
Hard-Coded Credentials in Milesight AIOT Camera Firmware
Publication date: 2026-04-28
Last updated on: 2026-04-28
Assigner: ICS-CERT
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| milesight | aiot_camera_firmware | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-798 | The product contains hard-coded credentials, such as a password or cryptographic key. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability involves specific firmware versions of Milesight AIOT camera firmware that contain hard-coded credentials.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The vulnerability involves hard-coded credentials in specific firmware versions of Milesight AIOT cameras, which can lead to unauthorized access and potential compromise of device security.
Such security weaknesses can impact compliance with common standards and regulations like GDPR and HIPAA, which require protection of personal and sensitive data through strong access controls and secure authentication mechanisms.
Failure to address this vulnerability could result in unauthorized data access or breaches, thereby violating these regulations' requirements for data confidentiality and integrity.
How can this vulnerability impact me? :
The presence of hard-coded credentials in the firmware can allow unauthorized access to the affected devices.
Successful exploitation could lead to device crashes or enable remote code execution, potentially compromising the security and functionality of the devices.
Since these devices are deployed worldwide and impact commercial facilities within critical infrastructure sectors, exploitation could have significant operational and security consequences.
Mitigation measures include minimizing network exposure, isolating control system networks, using secure remote access methods like VPNs, and monitoring for suspicious activity.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of this vulnerability involves monitoring for suspicious activity related to Milesight AIOT camera devices, especially those with specific firmware versions containing hard-coded credentials.
CISA recommends following cybersecurity best practices for industrial control systems, including targeted cyber intrusion detection and mitigation strategies.
While no specific commands are provided in the advisory, organizations should monitor network traffic for unauthorized access attempts to these devices and check for the presence of vulnerable firmware versions.
General network commands that could assist include scanning for devices with open management ports or default credentials, such as using nmap to identify Milesight AIOT cameras on the network.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include minimizing network exposure of the affected Milesight AIOT camera devices by ensuring they are not accessible from the Internet.
Place control system networks and remote devices behind firewalls and isolate them from business networks to reduce risk.
Use secure remote access methods such as Virtual Private Networks (VPNs), while keeping VPN software updated to address potential vulnerabilities.
Perform thorough impact analysis and risk assessments before implementing defenses.
Follow cybersecurity best practices for ICS assets, including monitoring for suspicious activity and adhering to internal reporting procedures.
Educate users to avoid social engineering attacks by not clicking on links or opening attachments in unsolicited emails.