CVE-2026-27785
Received Received - Intake
Hard-Coded Credentials in Milesight AIOT Camera Firmware

Publication date: 2026-04-28

Last updated on: 2026-04-28

Assigner: ICS-CERT

Description
Specific firmware versions of Milesight AIOT camera firmware contain hard-coded credentials.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-28
Last Modified
2026-04-28
Generated
2026-06-16
AI Q&A
2026-04-28
EPSS Evaluated
2026-06-14
NVD
CVE-2026-27785
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
milesight aiot_camera_firmware *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-798 The product contains hard-coded credentials, such as a password or cryptographic key.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability involves specific firmware versions of Milesight AIOT camera firmware that contain hard-coded credentials.

Impact Analysis

The presence of hard-coded credentials in the firmware can allow unauthorized access to the affected devices.

Successful exploitation could lead to device crashes or enable remote code execution, potentially compromising the security and functionality of the devices.

Since these devices are deployed worldwide and impact commercial facilities within critical infrastructure sectors, exploitation could have significant operational and security consequences.

Mitigation measures include minimizing network exposure, isolating control system networks, using secure remote access methods like VPNs, and monitoring for suspicious activity.

Detection Guidance

Detection of this vulnerability involves monitoring for suspicious activity related to Milesight AIOT camera devices, especially those with specific firmware versions containing hard-coded credentials.

CISA recommends following cybersecurity best practices for industrial control systems, including targeted cyber intrusion detection and mitigation strategies.

While no specific commands are provided in the advisory, organizations should monitor network traffic for unauthorized access attempts to these devices and check for the presence of vulnerable firmware versions.

General network commands that could assist include scanning for devices with open management ports or default credentials, such as using nmap to identify Milesight AIOT cameras on the network.

Mitigation Strategies

Immediate mitigation steps include minimizing network exposure of the affected Milesight AIOT camera devices by ensuring they are not accessible from the Internet.

Place control system networks and remote devices behind firewalls and isolate them from business networks to reduce risk.

Use secure remote access methods such as Virtual Private Networks (VPNs), while keeping VPN software updated to address potential vulnerabilities.

Perform thorough impact analysis and risk assessments before implementing defenses.

Follow cybersecurity best practices for ICS assets, including monitoring for suspicious activity and adhering to internal reporting procedures.

Educate users to avoid social engineering attacks by not clicking on links or opening attachments in unsolicited emails.

Compliance Impact

The vulnerability involves hard-coded credentials in specific firmware versions of Milesight AIOT cameras, which can lead to unauthorized access and potential compromise of device security.

Such security weaknesses can impact compliance with common standards and regulations like GDPR and HIPAA, which require protection of personal and sensitive data through strong access controls and secure authentication mechanisms.

Failure to address this vulnerability could result in unauthorized data access or breaches, thereby violating these regulations' requirements for data confidentiality and integrity.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-27785. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart