Kirils Solovjovs

**Name of the Vulnerable Software and Affected Versions** Milesight IP security cameras versions prior to 2016-11-14 **Description** The issue is related to a buffer overflow in the web application of the cameras, which can be triggered by a long `username` or `password`. **Recommendations** For versions prior to 2016-11-14, update to a version released after 2016-11-14 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Milesight IP security cameras versions prior to 2016-11-14 **Description** The issue concerns a hardcoded SSL private key located under the /etc/config directory. **Recommendations** For Milesight IP security cameras versions prior to 2016-11-14, consider updating the SSL private key to a unique, non-hardcoded value to prevent potential exploitation.

**Name of the Vulnerable Software and Affected Versions** Milesight IP security cameras versions prior to 2016-11-14 **Description** The issue allows remote attackers to bypass authentication and access a protected resource. This is achieved by simultaneously making a request for the unprotected `vb.htm` resource. **Recommendations** For versions prior to 2016-11-14, update to a version released after 2016-11-14 to resolve the issue.