CVE-2026-32644

Received Received - Intake

Default Private Key Exposure in Milesight AIOT Camera Firmware

Publication date: 2026-04-28

Last updated on: 2026-04-28

Assigner: ICS-CERT

Description

Specific firmware versions of Milesight AIOT cameras use SSL certificates with default private keys.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published

2026-04-28

Last Modified

2026-04-28

Generated

2026-05-06

AI Q&A

2026-04-28

EPSS Evaluated

2026-05-05

NVD

CVE-2026-32644

Affected Vendors & Products

Currently, no data is known.

Helpful Resources

Exploitability

CWE

KEV

CWE ID	Description
CWE-321	The product uses a hard-coded, unchangeable cryptographic key.

Attack-Flow Graph

AI Powered Q&A

Can you explain this vulnerability to me?

This vulnerability involves specific firmware versions of Milesight AIOT cameras that use SSL certificates with default private keys.

Using default private keys means that the cryptographic keys intended to secure communications are not unique or properly protected, which can allow attackers to intercept or manipulate data.

How can this vulnerability impact me? :

Because the cameras use SSL certificates with default private keys, attackers could potentially decrypt sensitive communications, impersonate the device, or perform man-in-the-middle attacks.

This can lead to unauthorized access to video feeds, data leakage, or disruption of device functionality.

Ask Our AI Assistant

Need more information? Ask your question to get an AI reply (Powered by our expertise)

0/70

CVE-2026-32644

Default Private Key Exposure in Milesight AIOT Camera Firmware

Description

CVSS Scores

EPSS Scores

Meta Information

Affected Vendors & Products

Helpful Resources

Exploitability

Attack-Flow Graph

AI Powered Q&A

Ask Our AI Assistant

EPSS Chart