CVE-2026-32644 CRITICAL

CVE-2026-32644: Milesight Cameras Use of Hard-coded Cryptographic Key

Vendor: Milesight
Product: MS-Cxx63-PD
Weakness: CWE-321
Published: April 27, 2026
Last update: April 28, 2026

CVSS base score

9.2/10
Attack vector: Network
Attack complexity: Low
Privileges required: None
User interaction: None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01 Description

Specific firmware versions of Milesight AIOT cameras use SSL certificates with default private keys.

Key dates

02 Disclosure timeline

April 27, 2026: CVE published
April 28, 2026: Record updated