Milesight IP security cameras through 2016-11-14 have a buffer overflow in a web application via a long username or password.
9.8CVSS
9.6AI Score
0.005EPSS
Milesight IP security cameras through 2016-11-14 have a hardcoded SSL private key under the /etc/config directory.
9.8CVSS
9.3AI Score
0.013EPSS
Milesight IP security cameras through 2016-11-14 have a default set of 10 privileged accounts with hardcoded credentials. They are accessible if the customer has not configured 10 actual user accounts.
9.8CVSS
9.2AI Score
0.013EPSS
Milesight IP security cameras through 2016-11-14 allow remote attackers to bypass authentication and access a protected resource by simultaneously making a request for the unprotected vb.htm resource.
9.8CVSS
9.6AI Score
0.013EPSS
Milesight IP security cameras through 2016-11-14 have a default root password in /etc/shadow that is the same across different customers' installations.
9.8CVSS
9.4AI Score
0.013EPSS