What the vulnerability does
01Description
A command injection vulnerability exists in the web server of specific firmware versions of Milesight cameras.
CVSS base score
7.3/10
CVSS vector
CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Key dates
02Disclosure timeline
April 27, 2026
CVE published
April 28, 2026
Record updated
External resources
03References
Related vulnerabilities
04Related CVE
CVE-2021-24684 PDF Light Viewer < 1.4.12 - Authenticated Command Injection
CVE-2026-26943
CVE-2023-50205 D-Link G416 awsfile chmod Command Injection Remote Code Execution Vulnerability
CVE-2026-48163 MariaDB: wsrep SST unsafe parameter handling on the donor side (rsync)
CVE-2013-10037 WebTester 5.x install2.php Unauthenticated Command Execution
