PT-2026-35538 · Milesight · Ms-C2964-Rflpc+77

Published

2026-04-27

Updated

2026-04-27

CVE-2026-28747

CVSS v3.1

7.1

High

AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

A weak key generation vulnerability exists in specific firmware versions of Milesight AIOT cameras allows authorization to be bypassed.

Fix

IDOR

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-639

Related Identifiers

CVE-2026-28747

Affected Products

Ms-C2964-Rflpc

Ms-C2966-Rflwpc

Ms-C2966-X12Rlpc

Ms-C2966-X12Rlvpc

Ms-C2972-Rflpc

Ms-C5321-Fpe

Ms-C5361-X12Lpc

Ms-C5366-X12Lpc

Ms-C5366-X12Lvpc

Ms-C8477-Hpg1

Ms-C8477-Pc

Ms-Cqxx31-Xxxg1

Ms-Cqxx68-Xxxg1

Ms-Cqxx72-Xxxg1

Ms-Cxx41-Xxxpe

Ms-Cxx52-Xxxpe

Ms-Cxx61-Xxxpe

Ms-Cxx62-Xxxg1

Ms-Cxx62-Xxxpe

Ms-Cxx63-Pd

Ms-Cxx64-Xpd

Ms-Cxx65-Pe

Ms-Cxx66-Fipkg1

Ms-Cxx66-Rfipkg1

Ms-Cxx66-Xxxg1

Ms-Cxx66-Xxxgpe

Ms-Cxx66-Xxxpe

Ms-Cxx66-Xxxxgopc

Ms-Cxx67-Xxxpe

Ms-Cxx71-Xxxpe

Ms-Cxx72-Fipkg1

Ms-Cxx72-Rfipkg1

Ms-Cxx72-Xxxg1

Ms-Cxx72-Xxxpe

Ms-Cxx73-Xpd

Ms-Cxx74-Pa

Ms-Cxx75-Xxpd

Ms-Cxx76-Pe

Ms-Cxx83-Xpd

Ms-Nxxxx-Nxe

Ms-Nxxxx-Xxc

Ms-Nxxxx-Xxe

Ms-Nxxxx-Xxg

Ms-Nxxxx-Xxh

Ms-Nxxxx-Xxt

Pm3322-E

Pmc8266-Fgpe

Pmc8266-Fpe

Sc211

Sp111

Ts2841-X36Tpc

Ts2841-X36Tpc/W

Ts2866-X4Tgpc

Ts2866-X4Tpc

Ts2866-X4Tvpc

Ts2867-X5Tpc

Ts2961-X12Tpc

Ts2966-X12Tpe

Ts4441-X36Re

Ts4441-X36Rpe

Ts4466-Rfivpg1

Ts4466-X4Ripg1

Ts4466-X4Rivpg1

Ts4466-X4Riwg1

Ts4466-X4Rpe

Ts5366-X12Pe

Ts5366-X12Ripg1

Ts5510-Gh

Ts5510-Gvh

Ts5511-Gvh

Ts8266-Fpc/P

Ts8266-Rfivpg1

Ts8266-X4Pe

Ts8266-X4Ripg1

Ts8266-X4Rivpg1

Ts8266-X4Riwg1

Ts8266-X4Vpe

Ts8266-X4We

CVE-2026-28747

Weakness Enumeration

Related Identifiers

Affected Products

References · 4