CVE-2026-32649
Milesight Cameras OS Command Injection
CVSS Score
6.8
EPSS Score
0.0%
EPSS Percentile
0th
A command injection vulnerability exists in the web server of specific firmware versions of Milesight cameras.
| CWE | CWE-78 |
| Vendor | milesight |
| Product | ms-cxx63-pd |
| Published | Apr 27, 2026 |
Stay Ahead of the Next One
Get instant alerts for milesight ms-cxx63-pd
Be the first to know when new medium vulnerabilities affecting milesight ms-cxx63-pd are published — delivered to Slack, Telegram or Discord.
Get Free Alerts →
Free · No credit card · 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Affected Versions
Milesight / MS-Cxx63-PD
0 ≤ 51.7.0.77-r12
Milesight / MS-Cxx64-xPD
0 ≤ 51.7.0.77-r12
Milesight / MS-Cxx73-xPD
0 ≤ 51.7.0.77-r12
Milesight / MS-Cxx75-xxPD
0 ≤ 51.7.0.77-r12
Milesight / MS-Cxx83-xPD
0 ≤ 51.7.0.77-r12
Milesight / MS-Cxx74-PA
0 ≤ 3x.8.0.3-r11
Milesight / MS-C8477-HPG1
0 ≤ 63.8.0.4-r3
Milesight / MS-C8477-PC
0 ≤ 48.8.0.4-r3
Milesight / MS-C5321-FPE
0 ≤ 62.8.0.4-r5
Milesight / MS-Cxx72-xxxPE
0 ≤ 61.8.0.5-r2
Milesight / MS-Cxx62-xxxPE
0 ≤ 61.8.0.5-r2
Milesight / MS-Cxx52-xxxPE
0 ≤ 61.8.0.5-r2
Milesight / MS-Cxx66-xxxPE
0 ≤ 61.8.0.5-r2
Milesight / MS-Cxx66-xxxGPE
0 ≤ 61.8.0.5-r2
Milesight / MS-Cxx61-xxxPE
0 ≤ 61.8.0.5-r2
Milesight / MS-Cxx67-xxxPE
0 ≤ 61.8.0.5-r2
Milesight / MS-Cxx71-xxxPE
0 ≤ 61.8.0.5-r2
Milesight / MS-Cxx41-xxxPE
0 ≤ 61.8.0.5-r2
Milesight / MS-Cxx76-PE
0 ≤ 61.8.0.5-r2
Milesight / MS-Cxx65-PE
0 ≤ 61.8.0.5-r2
Milesight / MS-Cxx66-xxxG1
0 ≤ 63.8.0.5-r3
Milesight / MS-Cxx62-xxxG1
0 ≤ 63.8.0.5-r3
Milesight / MS-Cxx72-xxxG1
0 ≤ 63.8.0.5-r3
Milesight / MS-CQxx31-xxxG1
0 ≤ CQ_63.8.0.5-r1
Milesight / MS-CQxx68-xxxG1
0 ≤ CQ_63.8.0.5-r1
Milesight / MS-CQxx72-xxxG1
0 ≤ CQ_63.8.0.5-r1
Milesight / MS-Nxxxx-NxE
0 ≤ 7x.9.0.19-r5
Milesight / MS-Nxxxx-xxC
0 ≤ 7x.9.0.19-r5
Milesight / MS-Nxxxx-xxE
0 ≤ 7x.9.0.19-r5
Milesight / MS-Nxxxx-xxG
0 ≤ 7x.9.0.19-r5
Milesight / MS-Nxxxx-xxH
0 ≤ 7x.9.0.19-r5
Milesight / MS-Nxxxx-xxT
0 ≤ 7x.9.0.19-r5
Milesight / PMC8266-FPE
0 ≤ PO_61.8.0.4_LPR
Milesight / PMC8266-FGPE
0 ≤ PO_61.8.0.4_LPR
Milesight / PM3322-E
0 ≤ PI_61.8.0.3_LPR-r3
Milesight / TS4466-X4RIPG1
0 ≤ T_63.8.0.4_LPR-r3
Milesight / TS5366-X12RIPG1
0 ≤ T_63.8.0.4_LPR-r3
Milesight / TS8266-X4RIPG1
0 ≤ T_63.8.0.4_LPR-r3
Milesight / TS4466-X4RIVPG1
0 ≤ T_63.8.0.4_LPR-r3
Milesight / TS4466-RFIVPG1
0 ≤ T_63.8.0.4_LPR-r3
Milesight / TS8266-X4RIVPG1
0 ≤ T_63.8.0.4_LPR-r3
Milesight / TS8266-RFIVPG1
0 ≤ T_63.8.0.4_LPR-r3
Milesight / TS4466-X4RIWG1
0 ≤ T_63.8.0.4_LPR-r3
Milesight / TS8266-X4RIWG1
0 ≤ T_63.8.0.4_LPR-r3
Milesight / TS5510-GVH
0 ≤ T_47.8.0.4_LPR-r7
Milesight / TS5510-GH
0 ≤ T_47.8.0.4_LPR-r6
Milesight / TS5511-GVH
0 ≤ T_47.8.0.4_LPR-r6
Milesight / TS2966-X12TPE
0 ≤ T_61.8.0.4_LPR-r3
Milesight / TS4466-X4RPE
0 ≤ T_61.8.0.4_LPR-r3
Milesight / TS5366-X12PE
0 ≤ T_61.8.0.4_LPR-r3
Milesight / TS8266-X4PE
0 ≤ T_61.8.0.4_LPR-r3
Milesight / TS2966-X12TVPE
0 ≤ T_61.8.0.4_LPR-r3
Milesight / TS4466-X4RVPE
0 ≤ T_61.8.0.4_LPR-r3
Milesight / TS5366-X12VPE
0 ≤ T_61.8.0.4_LPR-r3
Milesight / TS8266-X4VPE
0 ≤ T_61.8.0.4_LPR-r3
Milesight / TS4441-X36RPE
0 ≤ T_61.8.0.4_LPR-r3
Milesight / TS4441-X36RE
0 ≤ T_61.8.0.4_LPR-r3
Milesight / TS4466-X4RWE
0 ≤ T_61.8.0.4_LPR-r3
Milesight / TS8266-X4WE
0 ≤ T_61.8.0.4_LPR-r3
Milesight / MS-C2964-RFLPC
0 ≤ T_45.8.0.3-r9
Milesight / MS-C2972-RFLPC
0 ≤ T_45.8.0.3-r9
Milesight / MS-C2966-RFLWPC
0 ≤ T_45.8.0.3-r9
Milesight / TS2866-X4TPC
0 ≤ T_45.8.0.3-r9
Milesight / TS2866-X4TVPC
0 ≤ T_45.8.0.3-r9
Milesight / TS2866-X4TGPC
0 ≤ T_45.8.0.3-r9
Milesight / TS2841-X36TPC
0 ≤ T_45.8.0.3-r9
Milesight / TS2841-X36TPC/W
0 ≤ T_45.8.0.3-r9
Milesight / TS2867-X5TPC
0 ≤ T_45.8.0.3-r9
Milesight / TS2961-X12TPC
0 ≤ T_45.8.0.3-r9
Milesight / TS8266-FPC/P
0 ≤ T_45.8.0.3-r9
Milesight / MS-C2966-X12RLPC
0 ≤ T_45.8.0.3-r9
Milesight / MS-C2966-X12RLVPC
0 ≤ T_45.8.0.3-r9
Milesight / MS-C5366-X12LPC
0 ≤ T_45.8.0.3-r9
Milesight / MS-C5366-X12LVPC
0 ≤ T_45.8.0.3-r9
Milesight / MS-C5361-X12LPC
0 ≤ T_45.8.0.3-r9
Milesight / MS-Cxx66-xxxxGOPC
0 ≤ 45.8.0.2-AIoT-r4
Milesight / SC211
0 ≤ C_21.1.0.8-r4
Milesight / SP111
0 ≤ 52.8.0.4-r5
Milesight / MS-Cxx66-RFIPKG1
0 ≤ 63.8.0.4-r1-NX
Milesight / MS-Cxx72-RFIPKG1
0 ≤ 63.8.0.4-r1-NX
Milesight / MS-Cxx66-FIPKG1
0 ≤ 63.8.0.4-r1-NX
Milesight / MS-Cxx72-FIPKG1
0 ≤ 63.8.0.4-r1-NX
References
Credits
Souvik Kandar reported these vulnerabilities to CISA