Common Weakness Enumeration

CWE-321

Allowed

Use of Hard-coded Cryptographic Key

Abstraction: Variant · Status: Draft

The product uses a hard-coded, unchangeable cryptographic key.

503 vulnerabilities reference this CWE, most recent first.

CVE-2026-39810 (GCVE-0-2026-39810)

Vulnerability from cvelistv5 – Published: 2026-04-14 15:38 – Updated: 2026-04-14 17:41
VLAI
Summary
A use of hard-coded cryptographic key vulnerability in Fortinet FortiClientEMS 7.4.0 through 7.4.5 may allow attacker to information disclosure via decrypting database dump.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
Impacted products
Vendor Product Version
Fortinet FortiClientEMS Affected: 7.4.3 , ≤ 7.4.5 (semver)
Affected: 7.4.0 , ≤ 7.4.1 (semver)
    cpe:2.3:a:fortinet:forticlientems:7.4.5:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:forticlientems:7.4.4:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:forticlientems:7.4.3:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:forticlientems:7.4.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:forticlientems:7.4.0:*:*:*:*:*:*:*
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-39810",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-14T16:25:24.721264Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-14T16:46:15.215Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:fortinet:forticlientems:7.4.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:forticlientems:7.4.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:forticlientems:7.4.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:forticlientems:7.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:forticlientems:7.4.0:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "FortiClientEMS",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "7.4.5",
              "status": "affected",
              "version": "7.4.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.4.1",
              "status": "affected",
              "version": "7.4.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A use of hard-coded cryptographic key vulnerability in Fortinet FortiClientEMS 7.4.0 through 7.4.5 may allow attacker to information disclosure via decrypting database dump."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.2,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-321",
              "description": "Information disclosure",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-14T17:41:54.082Z",
        "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "shortName": "fortinet"
      },
      "references": [
        {
          "name": "https://fortiguard.fortinet.com/psirt/FG-IR-26-107",
          "url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-107"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Upgrade to FortiClientEMS version 7.4.6 or above"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
    "assignerShortName": "fortinet",
    "cveId": "CVE-2026-39810",
    "datePublished": "2026-04-14T15:38:21.194Z",
    "dateReserved": "2026-04-07T15:24:09.072Z",
    "dateUpdated": "2026-04-14T17:41:54.082Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-35019 (GCVE-0-2026-35019)

Vulnerability from cvelistv5 – Published: 2026-06-23 13:48 – Updated: 2026-07-14 20:00
VLAI
Title
NetComm NF20MESH < R6B032 Hardcoded AES Key Authentication Bypass
Summary
NetComm NF20MESH routers running firmware R6B031 and earlier contain an authentication bypass vulnerability that allows unauthenticated attackers to gain administrative access by exploiting a hardcoded AES-256 key used to encrypt session cookies for the web management interface. Attackers can forge a valid encrypted session cookie using the shared hardcoded key and bypass authentication checks to obtain full administrative control of the management interface while any legitimate administrator session is active.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-321 - Use of Hard-coded Cryptographic Key
Assigner
Impacted products
Vendor Product Version
NetComm Wireless Pty Ltd NF20MESH Affected: 0 , < R6B032 (custom)
Create a notification for this product.
Date Public
2026-06-18 00:00
Credits
Brendan Scarvell of Signal 11
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-35019",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-23T15:11:11.964483Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-23T15:11:17.525Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "NF20MESH",
          "vendor": "NetComm Wireless Pty Ltd",
          "versions": [
            {
              "lessThan": "R6B032",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:h:netcommwireless:nf20mesh:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "r6b032",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Brendan Scarvell of Signal 11"
        }
      ],
      "datePublic": "2026-06-18T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "NetComm NF20MESH routers running firmware R6B031 and earlier contain an authentication bypass vulnerability that allows unauthenticated attackers to gain administrative access by exploiting a hardcoded AES-256 key used to encrypt session cookies for the web management interface. Attackers can forge a valid encrypted session cookie using the shared hardcoded key and bypass authentication checks to obtain full administrative control of the management interface while any legitimate administrator session is active."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "PRESENT",
            "attackVector": "NETWORK",
            "baseScore": 9.2,
            "baseSeverity": "CRITICAL",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-321",
              "description": "Use of Hard-coded Cryptographic Key",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-07-14T20:00:09.950Z",
        "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "shortName": "VulnCheck"
      },
      "references": [
        {
          "tags": [
            "technical-description"
          ],
          "url": "https://signal11.io/advisories/netcomm-nf20-mesh-authentication-bypass"
        },
        {
          "tags": [
            "release-notes",
            "patch"
          ],
          "url": "https://support.netcommwireless.com/api/Media/Firmware/4407c21d-e990-49a4-9754-b72475f20c76?Product=NF20MESH%20Release%20Notes.pdf"
        },
        {
          "tags": [
            "product"
          ],
          "url": "https://support.netcommwireless.com/products/nf20mesh#Firmware"
        },
        {
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://www.vulncheck.com/advisories/netcomm-nf20mesh-r6b032-hardcoded-aes-key-authentication-bypass"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "NetComm NF20MESH \u003c R6B032 Hardcoded AES Key Authentication Bypass",
      "x_generator": {
        "engine": "vulncheck"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
    "assignerShortName": "VulnCheck",
    "cveId": "CVE-2026-35019",
    "datePublished": "2026-06-23T13:48:49.972Z",
    "dateReserved": "2026-03-31T20:40:15.618Z",
    "dateUpdated": "2026-07-14T20:00:09.950Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-34029 (GCVE-0-2026-34029)

Vulnerability from cvelistv5 – Published: 2026-06-15 10:05 – Updated: 2026-06-15 12:27
VLAI
Title
Hard-coded cryptographic key in Wertheim SafeController Software allows decryption of sensitive configuration data
Summary
The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, contains a hard-coded cryptographic key in the SafeSystem.Infrastructure.Security.dll component. An attacker with access to the application files can reverse engineer the DLL and recover the hard-coded cryptographic key. This key can be used to decrypt the licence.whs file, which contains sensitive information about the licensing party and a second key that can be used to decrypt other configuration files.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-321 - Use of hard-coded cryptographic key
Assigner
References
Impacted products
Vendor Product Version
Wertheim GmbH Wertheim SafeController Software for VAULT ROOMS (Safe Deposit Locker System) Affected: Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014
Create a notification for this product.
Credits
Christian Hager, SEC Consult Vulnerability Lab Gorazd Jank, SEC Consult Vulnerability Lab Philipp Espernberger, SEC Consult Vulnerability Lab
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-34029",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-15T12:27:00.108091Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-15T12:27:12.431Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "Wertheim SafeController Software for VAULT ROOMS (Safe Deposit Locker System)",
          "vendor": "Wertheim GmbH",
          "versions": [
            {
              "status": "affected",
              "version": "Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Christian Hager, SEC Consult Vulnerability Lab"
        },
        {
          "lang": "en",
          "type": "finder",
          "value": "Gorazd Jank, SEC Consult Vulnerability Lab"
        },
        {
          "lang": "en",
          "type": "finder",
          "value": "Philipp Espernberger, SEC Consult Vulnerability Lab"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "The\u0026nbsp;Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, contains a hard-coded cryptographic key in the SafeSystem.Infrastructure.Security.dll component. An attacker with access to the application files can reverse engineer the DLL and recover the hard-coded cryptographic key. This key can be used to decrypt the licence.whs file, which contains sensitive information about the licensing party and a second key that can be used to decrypt other configuration files."
            }
          ],
          "value": "The\u00a0Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, contains a hard-coded cryptographic key in the SafeSystem.Infrastructure.Security.dll component. An attacker with access to the application files can reverse engineer the DLL and recover the hard-coded cryptographic key. This key can be used to decrypt the licence.whs file, which contains sensitive information about the licensing party and a second key that can be used to decrypt other configuration files."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-37",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-37 Retrieve Embedded Sensitive Data"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "LOCAL",
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "LOW",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-321",
              "description": "CWE-321 Use of hard-coded cryptographic key",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-15T10:05:13.770Z",
        "orgId": "551230f0-3615-47bd-b7cc-93e92e730bbf",
        "shortName": "SEC-VLab"
      },
      "references": [
        {
          "tags": [
            "product"
          ],
          "url": "https://wertheim-safes.com/safe-deposit-box-management/"
        },
        {
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://r.sec-consult.com/wertheim"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "The vendor provides a patch which should be installed immediately. Specific fixed version information was not provided. Affected parties should contact the vendor to request the update."
            }
          ],
          "value": "The vendor provides a patch which should be installed immediately. Specific fixed version information was not provided. Affected parties should contact the vendor to request the update."
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Hard-coded cryptographic key in Wertheim SafeController Software allows decryption of sensitive configuration data",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Restrict filesystem and backup access to the SafeController application installation directory and related configuration files. Ensure that application binaries, licence.whs, and configuration files are not exposed through web-accessible paths or document download functionality. Rotate affected keys and secrets where possible after installing the vendor-provided patch. These measures should only be treated as interim risk reduction; the vendor-provided patch should be installed."
            }
          ],
          "value": "Restrict filesystem and backup access to the SafeController application installation directory and related configuration files. Ensure that application binaries, licence.whs, and configuration files are not exposed through web-accessible paths or document download functionality. Rotate affected keys and secrets where possible after installing the vendor-provided patch. These measures should only be treated as interim risk reduction; the vendor-provided patch should be installed."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 1.0.2"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "551230f0-3615-47bd-b7cc-93e92e730bbf",
    "assignerShortName": "SEC-VLab",
    "cveId": "CVE-2026-34029",
    "datePublished": "2026-06-15T10:05:13.770Z",
    "dateReserved": "2026-03-25T10:46:45.516Z",
    "dateUpdated": "2026-06-15T12:27:12.431Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-34022 (GCVE-0-2026-34022)

Vulnerability from cvelistv5 – Published: 2026-06-15 10:02 – Updated: 2026-06-15 13:08
VLAI
Title
Weak custom cryptography and hard-coded keys in Wertheim SafeController 65000 allow traffic decryption
Summary
The Wertheim SafeController Family 65000, Controller 65000 - AssemblyVersion 6.11.8130.22319, uses weak custom cryptographic algorithms with hard-coded cryptographic keys to protect communication. An attacker in an adversary-in-the-middle position can decrypt the data traffic. During reassessment, it was possible to break the encryption/decryption routine and decrypt messages without knowledge of the encryption key. It was also possible to gain knowledge about the encryption key by intercepting enough messages.
SSVC
Exploitation: poc Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-321 - Use of hard-coded cryptographic key
Assigner
Impacted products
Vendor Product Version
Wertheim GmbH Wertheim SafeController Family 65000 Hardware for VAULT ROOMS (Safe Deposit Locker System - Microcontroller) Affected: Wertheim SafeController Family 65000, Controller 65000 - AssemblyVersion 6.11.8130.22319
Create a notification for this product.
Credits
Gorazd Jank, SEC Consult Vulnerability Lab Christian Hager, SEC Consult Vulnerability Lab Philipp Espernberger, SEC Consult Vulnerability Lab
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-34022",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-15T13:08:13.768516Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-15T13:08:17.437Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://sec-consult.com/vulnerability-lab/advisory/multiple-vulnerabilities-in-wertheim-safecontroller-hardware-for-vault-rooms-safe-deposit-locker-system-microcontroller/"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "Wertheim SafeController Family 65000 Hardware for VAULT ROOMS (Safe Deposit Locker System - Microcontroller)",
          "vendor": "Wertheim GmbH",
          "versions": [
            {
              "status": "affected",
              "version": "Wertheim SafeController Family 65000, Controller 65000 - AssemblyVersion 6.11.8130.22319"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Gorazd Jank, SEC Consult Vulnerability Lab"
        },
        {
          "lang": "en",
          "type": "finder",
          "value": "Christian Hager, SEC Consult Vulnerability Lab"
        },
        {
          "lang": "en",
          "type": "finder",
          "value": "Philipp Espernberger, SEC Consult Vulnerability Lab"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "The\u0026nbsp;Wertheim SafeController Family 65000, Controller 65000 - AssemblyVersion 6.11.8130.22319, uses weak custom cryptographic algorithms with hard-coded cryptographic keys to protect communication. An attacker in an adversary-in-the-middle position can decrypt the data traffic. During reassessment, it was possible to break the encryption/decryption routine and decrypt messages without knowledge of the encryption key. It was also possible to gain knowledge about the encryption key by intercepting enough messages."
            }
          ],
          "value": "The\u00a0Wertheim SafeController Family 65000, Controller 65000 - AssemblyVersion 6.11.8130.22319, uses weak custom cryptographic algorithms with hard-coded cryptographic keys to protect communication. An attacker in an adversary-in-the-middle position can decrypt the data traffic. During reassessment, it was possible to break the encryption/decryption routine and decrypt messages without knowledge of the encryption key. It was also possible to gain knowledge about the encryption key by intercepting enough messages."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-97",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-97 Cryptanalysis"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "ADJACENT",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-321",
              "description": "CWE-321 Use of hard-coded cryptographic key",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-15T10:02:33.252Z",
        "orgId": "551230f0-3615-47bd-b7cc-93e92e730bbf",
        "shortName": "SEC-VLab"
      },
      "references": [
        {
          "tags": [
            "product"
          ],
          "url": "https://wertheim-safes.com/safe-deposit-boxes/"
        },
        {
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://r.sec-consult.com/wertdev"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "No fix is available for this issue. The vendor stated that the encryption algorithm for Controller 65000 cannot be improved or fixed because of missing hardware support. Affected parties should assess the business risk and switch to a supported version if unsupported products are in use."
            }
          ],
          "value": "No fix is available for this issue. The vendor stated that the encryption algorithm for Controller 65000 cannot be improved or fixed because of missing hardware support. Affected parties should assess the business risk and switch to a supported version if unsupported products are in use."
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Weak custom cryptography and hard-coded keys in Wertheim SafeController 65000 allow traffic decryption",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Physically isolate all SafeController devices so that only authorized personnel can access them. Harden all connected systems that communicate with the controller, disable unnecessary services, and restrict access to authorized personnel only. Ensure that servers communicating with SafeController devices use strong, unique authentication credentials and are not accessible to unauthorized users. Maintain physical security of all interconnected components to prevent unauthorized access or tampering."
            }
          ],
          "value": "Physically isolate all SafeController devices so that only authorized personnel can access them. Harden all connected systems that communicate with the controller, disable unnecessary services, and restrict access to authorized personnel only. Ensure that servers communicating with SafeController devices use strong, unique authentication credentials and are not accessible to unauthorized users. Maintain physical security of all interconnected components to prevent unauthorized access or tampering."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 1.0.2"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "551230f0-3615-47bd-b7cc-93e92e730bbf",
    "assignerShortName": "SEC-VLab",
    "cveId": "CVE-2026-34022",
    "datePublished": "2026-06-15T10:02:33.252Z",
    "dateReserved": "2026-03-25T10:46:45.515Z",
    "dateUpdated": "2026-06-15T13:08:17.437Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-33362 (GCVE-0-2026-33362)

Vulnerability from cvelistv5 – Published: 2026-05-11 16:04 – Updated: 2026-05-11 18:15
VLAI
Title
Meari SDK hardcoded cryptographic keys
Summary
In Meari IoT SDK builds embedded in CloudEdge 5.5.0 (build 220), Arenti 1.8.1 (build 220), and white-label Android apps <= 1.8.x (latest observed), multiple security-critical secrets are hardcoded and shared, including API signing material, password-transport keying, and service access keys.
SSVC
Exploitation: none Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-321 - Use of Hard-coded Cryptographic Key
Assigner
References
Impacted products
Vendor Product Version
Meari com.meari.sdk Affected: firmID=8 (custom)
Create a notification for this product.
Date Public
2026-05-11 16:00
Credits
Sammy Azdoufal Tod Beardsley of runZero, Inc.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-33362",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-11T18:15:31.897348Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-11T18:15:45.783Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "com.meari.sdk",
          "vendor": "Meari",
          "versions": [
            {
              "status": "affected",
              "version": "firmID=8",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Sammy Azdoufal"
        },
        {
          "lang": "en",
          "type": "coordinator",
          "value": "Tod Beardsley of runZero, Inc."
        }
      ],
      "datePublic": "2026-05-11T16:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "In Meari IoT SDK builds embedded in CloudEdge 5.5.0 (build 220), Arenti 1.8.1 (build 220), and white-label Android apps \u0026lt;= 1.8.x (latest observed), multiple security-critical secrets are hardcoded and shared, including API signing material, password-transport keying, and service access keys.\u003cbr\u003e"
            }
          ],
          "value": "In Meari IoT SDK builds embedded in CloudEdge 5.5.0 (build 220), Arenti 1.8.1 (build 220), and white-label Android apps \u003c= 1.8.x (latest observed), multiple security-critical secrets are hardcoded and shared, including API signing material, password-transport keying, and service access keys."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-321",
              "description": "CWE-321 Use of Hard-coded Cryptographic Key",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-11T16:04:16.704Z",
        "orgId": "44488dab-36db-4358-99f9-bc116477f914",
        "shortName": "runZero"
      },
      "references": [
        {
          "tags": [
            "technical-description"
          ],
          "url": "https://github.com/xn0tsa/nobody-puts-baby-in-a-corner"
        },
        {
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://www.runzero.com/advisories/meari-sdk-hardcoded-cryptographic-keys-cve-2026-33362/"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Meari SDK hardcoded cryptographic keys",
      "x_generator": {
        "engine": "Vulnogram 1.0.2"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "44488dab-36db-4358-99f9-bc116477f914",
    "assignerShortName": "runZero",
    "cveId": "CVE-2026-33362",
    "datePublished": "2026-05-11T16:04:16.704Z",
    "dateReserved": "2026-03-19T00:27:05.987Z",
    "dateUpdated": "2026-05-11T18:15:45.783Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-33266 (GCVE-0-2026-33266)

Vulnerability from cvelistv5 – Published: 2026-04-09 15:52 – Updated: 2026-04-10 18:49
VLAI
Title
Apache OpenMeetings: Hardcoded Remember-Me Cookie Encryption Key and Salt
Summary
Use of Hard-coded Cryptographic Key vulnerability in Apache OpenMeetings. The remember-me cookie encryption key is set to default value in openmeetings.properties and not being auto-rotated. In case OM admin hasn't changed the default encryption key, an attacker who has stolen a cookie from a logged-in user can get full user credentials. This issue affects Apache OpenMeetings: from 6.1.0 before 9.0.0. Users are recommended to upgrade to version 9.0.0, which fixes the issue.
SSVC
Exploitation: none Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-321 - Use of Hard-coded Cryptographic Key
Assigner
Impacted products
Vendor Product Version
Apache Software Foundation Apache OpenMeetings Affected: 6.1.0 , < 9.0.0 (semver)
Create a notification for this product.
Credits
4ra2n (A code security AI agent)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2026-04-09T16:29:21.634Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "http://www.openwall.com/lists/oss-security/2026/04/09/11"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2026-33266",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-10T18:47:33.185349Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-10T18:49:13.351Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Apache OpenMeetings",
          "vendor": "Apache Software Foundation",
          "versions": [
            {
              "lessThan": "9.0.0",
              "status": "affected",
              "version": "6.1.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "4ra2n (A code security AI agent)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eUse of Hard-coded Cryptographic Key vulnerability in Apache OpenMeetings.\u003c/p\u003e\u003cp\u003eThe remember-me cookie encryption key is set to default value in openmeetings.properties and not being auto-rotated. \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIn case OM admin hasn\u0027t changed the default encryption key, an attacker who has stolen a cookie from a logged-in user can get full user credentials.\u003c/span\u003e\u003cbr\u003e\u003c/p\u003e\u003cp\u003eThis issue affects Apache OpenMeetings: from 6.1.0 before 9.0.0.\u003c/p\u003e\u003cp\u003eUsers are recommended to upgrade to version 9.0.0, which fixes the issue.\u003c/p\u003e"
            }
          ],
          "value": "Use of Hard-coded Cryptographic Key vulnerability in Apache OpenMeetings.\n\nThe remember-me cookie encryption key is set to default value in openmeetings.properties and not being auto-rotated. In case OM admin hasn\u0027t changed the default encryption key, an attacker who has stolen a cookie from a logged-in user can get full user credentials.\n\n\nThis issue affects Apache OpenMeetings: from 6.1.0 before 9.0.0.\n\nUsers are recommended to upgrade to version 9.0.0, which fixes the issue."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "text": "important"
            },
            "type": "Textual description of severity"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-321",
              "description": "CWE-321 Use of Hard-coded Cryptographic Key",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-09T15:52:36.105Z",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.apache.org/thread/b05jnp9563v49zq494lox9kjbhhf2w66"
        }
      ],
      "source": {
        "defect": [
          "OPENMEETINGS-2813"
        ],
        "discovery": "EXTERNAL"
      },
      "title": "Apache OpenMeetings: Hardcoded Remember-Me Cookie Encryption Key and Salt",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2026-33266",
    "datePublished": "2026-04-09T15:52:36.105Z",
    "dateReserved": "2026-03-18T14:16:42.998Z",
    "dateUpdated": "2026-04-10T18:49:13.351Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-32958 (GCVE-0-2026-32958)

Vulnerability from cvelistv5 – Published: 2026-04-20 03:19 – Updated: 2026-04-20 13:19
VLAI
Summary
SD-330AC and AMC Manager provided by silex technology, Inc. use a hard-coded cryptographic key. An administrative user may be directed to apply a fake firmware update.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-321 - Use of hard-coded cryptographic key
Assigner
Impacted products
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-32958",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-20T13:19:18.750535Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-20T13:19:40.008Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "SD-330AC",
          "vendor": "silex technology, Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "Ver.1.42 and earlier"
            }
          ]
        },
        {
          "product": "AMC Manager",
          "vendor": "silex technology, Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "Ver.5.0.2 and earlier"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "SD-330AC and AMC Manager provided by silex technology, Inc. use a hard-coded cryptographic key. An administrative user may be directed to apply a fake firmware update."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV4_0": {
            "baseScore": 6.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-321",
              "description": "Use of hard-coded cryptographic key",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-20T03:19:16.492Z",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "url": "https://www.silex.jp/support/security-advisories/en/2026-001"
        },
        {
          "url": "https://www.silex.jp/support/security-advisories/2026-001"
        },
        {
          "url": "https://jvn.jp/en/vu/JVNVU94271449/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2026-32958",
    "datePublished": "2026-04-20T03:19:16.492Z",
    "dateReserved": "2026-03-17T00:23:24.980Z",
    "dateUpdated": "2026-04-20T13:19:40.008Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-32644 (GCVE-0-2026-32644)

Vulnerability from cvelistv5 – Published: 2026-04-27 23:40 – Updated: 2026-04-28 14:45
VLAI
Title
Milesight Cameras Use of Hard-coded Cryptographic Key
Summary
Specific firmware versions of Milesight AIOT cameras use SSL certificates with default private keys.
SSVC
Exploitation: none Automatable: yes Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
Impacted products
Vendor Product Version
Milesight MS-Cxx63-PD Affected: 0 , ≤ 51.7.0.77-r12 (custom)
Create a notification for this product.
Milesight MS-Cxx64-xPD Affected: 0 , ≤ 51.7.0.77-r12 (custom)
Create a notification for this product.
Milesight MS-Cxx73-xPD Affected: 0 , ≤ 51.7.0.77-r12 (custom)
Create a notification for this product.
Milesight MS-Cxx75-xxPD Affected: 0 , ≤ 51.7.0.77-r12 (custom)
Create a notification for this product.
Milesight MS-Cxx83-xPD Affected: 0 , ≤ 51.7.0.77-r12 (custom)
Create a notification for this product.
Milesight MS-Cxx74-PA Affected: 0 , ≤ 3x.8.0.3-r11 (custom)
Create a notification for this product.
Milesight MS-C8477-HPG1 Affected: 0 , ≤ 63.8.0.4-r3 (custom)
Create a notification for this product.
Milesight MS-C8477-PC Affected: 0 , ≤ 48.8.0.4-r3 (custom)
Create a notification for this product.
Milesight MS-C5321-FPE Affected: 0 , ≤ 62.8.0.4-r5 (custom)
Create a notification for this product.
Milesight MS-Cxx72-xxxPE Affected: 0 , ≤ 61.8.0.5-r2 (custom)
Create a notification for this product.
Milesight MS-Cxx62-xxxPE Affected: 0 , ≤ 61.8.0.5-r2 (custom)
Create a notification for this product.
Milesight MS-Cxx52-xxxPE Affected: 0 , ≤ 61.8.0.5-r2 (custom)
Create a notification for this product.
Milesight MS-Cxx66-xxxPE Affected: 0 , ≤ 61.8.0.5-r2 (custom)
Create a notification for this product.
Milesight MS-Cxx66-xxxGPE Affected: 0 , ≤ 61.8.0.5-r2 (custom)
Create a notification for this product.
Milesight MS-Cxx61-xxxPE Affected: 0 , ≤ 61.8.0.5-r2 (custom)
Create a notification for this product.
Milesight MS-Cxx67-xxxPE Affected: 0 , ≤ 61.8.0.5-r2 (custom)
Create a notification for this product.
Milesight MS-Cxx71-xxxPE Affected: 0 , ≤ 61.8.0.5-r2 (custom)
Create a notification for this product.
Milesight MS-Cxx41-xxxPE Affected: 0 , ≤ 61.8.0.5-r2 (custom)
Create a notification for this product.
Milesight MS-Cxx76-PE Affected: 0 , ≤ 61.8.0.5-r2 (custom)
Create a notification for this product.
Milesight MS-Cxx65-PE Affected: 0 , ≤ 61.8.0.5-r2 (custom)
Create a notification for this product.
Milesight MS-Cxx66-xxxG1 Affected: 0 , ≤ 63.8.0.5-r3 (custom)
Create a notification for this product.
Milesight MS-Cxx62-xxxG1 Affected: 0 , ≤ 63.8.0.5-r3 (custom)
Create a notification for this product.
Milesight MS-Cxx72-xxxG1 Affected: 0 , ≤ 63.8.0.5-r3 (custom)
Create a notification for this product.
Milesight MS-CQxx31-xxxG1 Affected: 0 , ≤ CQ_63.8.0.5-r1 (custom)
Create a notification for this product.
Milesight MS-CQxx68-xxxG1 Affected: 0 , ≤ CQ_63.8.0.5-r1 (custom)
Create a notification for this product.
Milesight MS-CQxx72-xxxG1 Affected: 0 , ≤ CQ_63.8.0.5-r1 (custom)
Create a notification for this product.
Milesight MS-Nxxxx-NxE Affected: 0 , ≤ 7x.9.0.19-r5 (custom)
Create a notification for this product.
Milesight MS-Nxxxx-xxC Affected: 0 , ≤ 7x.9.0.19-r5 (custom)
Create a notification for this product.
Milesight MS-Nxxxx-xxE Affected: 0 , ≤ 7x.9.0.19-r5 (custom)
Create a notification for this product.
Milesight MS-Nxxxx-xxG Affected: 0 , ≤ 7x.9.0.19-r5 (custom)
Create a notification for this product.
Milesight MS-Nxxxx-xxH Affected: 0 , ≤ 7x.9.0.19-r5 (custom)
Create a notification for this product.
Milesight MS-Nxxxx-xxT Affected: 0 , ≤ 7x.9.0.19-r5 (custom)
Create a notification for this product.
Milesight PMC8266-FPE Affected: 0 , ≤ PO_61.8.0.4_LPR (custom)
Create a notification for this product.
Milesight PMC8266-FGPE Affected: 0 , ≤ PO_61.8.0.4_LPR (custom)
Create a notification for this product.
Milesight PM3322-E Affected: 0 , ≤ PI_61.8.0.3_LPR-r3 (custom)
Create a notification for this product.
Milesight TS4466-X4RIPG1 Affected: 0 , ≤ T_63.8.0.4_LPR-r3 (custom)
Create a notification for this product.
Milesight TS5366-X12RIPG1 Affected: 0 , ≤ T_63.8.0.4_LPR-r3 (custom)
Create a notification for this product.
Milesight TS8266-X4RIPG1 Affected: 0 , ≤ T_63.8.0.4_LPR-r3 (custom)
Create a notification for this product.
Milesight TS4466-X4RIVPG1 Affected: 0 , ≤ T_63.8.0.4_LPR-r3 (custom)
Create a notification for this product.
Milesight TS4466-RFIVPG1 Affected: 0 , ≤ T_63.8.0.4_LPR-r3 (custom)
Create a notification for this product.
Milesight TS8266-X4RIVPG1 Affected: 0 , ≤ T_63.8.0.4_LPR-r3 (custom)
Create a notification for this product.
Milesight TS8266-RFIVPG1 Affected: 0 , ≤ T_63.8.0.4_LPR-r3 (custom)
Create a notification for this product.
Milesight TS4466-X4RIWG1 Affected: 0 , ≤ T_63.8.0.4_LPR-r3 (custom)
Create a notification for this product.
Milesight TS8266-X4RIWG1 Affected: 0 , ≤ T_63.8.0.4_LPR-r3 (custom)
Create a notification for this product.
Milesight TS5510-GVH Affected: 0 , ≤ T_47.8.0.4_LPR-r7 (custom)
Create a notification for this product.
Milesight TS5510-GH Affected: 0 , ≤ T_47.8.0.4_LPR-r6 (custom)
Create a notification for this product.
Milesight TS5511-GVH Affected: 0 , ≤ T_47.8.0.4_LPR-r6 (custom)
Create a notification for this product.
Milesight TS2966-X12TPE Affected: 0 , ≤ T_61.8.0.4_LPR-r3 (custom)
Create a notification for this product.
Milesight TS4466-X4RPE Affected: 0 , ≤ T_61.8.0.4_LPR-r3 (custom)
Create a notification for this product.
Milesight TS5366-X12PE Affected: 0 , ≤ T_61.8.0.4_LPR-r3 (custom)
Create a notification for this product.
Milesight TS8266-X4PE Affected: 0 , ≤ T_61.8.0.4_LPR-r3 (custom)
Create a notification for this product.
Milesight TS2966-X12TVPE Affected: 0 , ≤ T_61.8.0.4_LPR-r3 (custom)
Create a notification for this product.
Milesight TS4466-X4RVPE Affected: 0 , ≤ T_61.8.0.4_LPR-r3 (custom)
Create a notification for this product.
Milesight TS5366-X12VPE Affected: 0 , ≤ T_61.8.0.4_LPR-r3 (custom)
Create a notification for this product.
Milesight TS8266-X4VPE Affected: 0 , ≤ T_61.8.0.4_LPR-r3 (custom)
Create a notification for this product.
Milesight TS4441-X36RPE Affected: 0 , ≤ T_61.8.0.4_LPR-r3 (custom)
Create a notification for this product.
Milesight TS4441-X36RE Affected: 0 , ≤ T_61.8.0.4_LPR-r3 (custom)
Create a notification for this product.
Milesight TS4466-X4RWE Affected: 0 , ≤ T_61.8.0.4_LPR-r3 (custom)
Create a notification for this product.
Milesight TS8266-X4WE Affected: 0 , ≤ T_61.8.0.4_LPR-r3 (custom)
Create a notification for this product.
Milesight MS-C2964-RFLPC Affected: 0 , ≤ T_45.8.0.3-r9 (custom)
Create a notification for this product.
Milesight MS-C2972-RFLPC Affected: 0 , ≤ T_45.8.0.3-r9 (custom)
Create a notification for this product.
Milesight MS-C2966-RFLWPC Affected: 0 , ≤ T_45.8.0.3-r9 (custom)
Create a notification for this product.
Milesight TS2866-X4TPC Affected: 0 , ≤ T_45.8.0.3-r9 (custom)
Create a notification for this product.
Milesight TS2866-X4TVPC Affected: 0 , ≤ T_45.8.0.3-r9 (custom)
Create a notification for this product.
Milesight TS2866-X4TGPC Affected: 0 , ≤ T_45.8.0.3-r9 (custom)
Create a notification for this product.
Milesight TS2841-X36TPC Affected: 0 , ≤ T_45.8.0.3-r9 (custom)
Create a notification for this product.
Milesight TS2841-X36TPC/W Affected: 0 , ≤ T_45.8.0.3-r9 (custom)
Create a notification for this product.
Milesight TS2867-X5TPC Affected: 0 , ≤ T_45.8.0.3-r9 (custom)
Create a notification for this product.
Milesight TS2961-X12TPC Affected: 0 , ≤ T_45.8.0.3-r9 (custom)
Create a notification for this product.
Milesight TS8266-FPC/P Affected: 0 , ≤ T_45.8.0.3-r9 (custom)
Create a notification for this product.
Milesight MS-C2966-X12RLPC Affected: 0 , ≤ T_45.8.0.3-r9 (custom)
Create a notification for this product.
Milesight MS-C2966-X12RLVPC Affected: 0 , ≤ T_45.8.0.3-r9 (custom)
Create a notification for this product.
Milesight MS-C5366-X12LPC Affected: 0 , ≤ T_45.8.0.3-r9 (custom)
Create a notification for this product.
Milesight MS-C5366-X12LVPC Affected: 0 , ≤ T_45.8.0.3-r9 (custom)
Create a notification for this product.
Milesight MS-C5361-X12LPC Affected: 0 , ≤ T_45.8.0.3-r9 (custom)
Create a notification for this product.
Milesight MS-Cxx66-xxxxGOPC Affected: 0 , ≤ 45.8.0.2-AIoT-r4 (custom)
Create a notification for this product.
Milesight SC211 Affected: 0 , ≤ C_21.1.0.8-r4 (custom)
Create a notification for this product.
Milesight SP111 Affected: 0 , ≤ 52.8.0.4-r5 (custom)
Create a notification for this product.
Milesight MS-Cxx66-RFIPKG1 Affected: 0 , ≤ 63.8.0.4-r1-NX (custom)
Create a notification for this product.
Milesight MS-Cxx72-RFIPKG1 Affected: 0 , ≤ 63.8.0.4-r1-NX (custom)
Create a notification for this product.
Milesight MS-Cxx66-FIPKG1 Affected: 0 , ≤ 63.8.0.4-r1-NX (custom)
Create a notification for this product.
Milesight MS-Cxx72-FIPKG1 Affected: 0 , ≤ 63.8.0.4-r1-NX (custom)
Create a notification for this product.
Credits
Souvik Kandar reported these vulnerabilities to CISA
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-32644",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-28T14:45:03.298830Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-28T14:45:19.107Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "MS-Cxx63-PD",
          "vendor": "Milesight",
          "versions": [
            {
              "lessThanOrEqual": "51.7.0.77-r12",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MS-Cxx64-xPD",
          "vendor": "Milesight",
          "versions": [
            {
              "lessThanOrEqual": "51.7.0.77-r12",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MS-Cxx73-xPD",
          "vendor": "Milesight",
          "versions": [
            {
              "lessThanOrEqual": "51.7.0.77-r12",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MS-Cxx75-xxPD",
          "vendor": "Milesight",
          "versions": [
            {
              "lessThanOrEqual": "51.7.0.77-r12",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MS-Cxx83-xPD",
          "vendor": "Milesight",
          "versions": [
            {
              "lessThanOrEqual": "51.7.0.77-r12",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MS-Cxx74-PA",
          "vendor": "Milesight",
          "versions": [
            {
              "lessThanOrEqual": "3x.8.0.3-r11",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MS-C8477-HPG1",
          "vendor": "Milesight",
          "versions": [
            {
              "lessThanOrEqual": "63.8.0.4-r3",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MS-C8477-PC",
          "vendor": "Milesight",
          "versions": [
            {
              "lessThanOrEqual": "48.8.0.4-r3",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MS-C5321-FPE",
          "vendor": "Milesight",
          "versions": [
            {
              "lessThanOrEqual": "62.8.0.4-r5",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MS-Cxx72-xxxPE",
          "vendor": "Milesight",
          "versions": [
            {
              "lessThanOrEqual": "61.8.0.5-r2",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MS-Cxx62-xxxPE",
          "vendor": "Milesight",
          "versions": [
            {
              "lessThanOrEqual": "61.8.0.5-r2",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MS-Cxx52-xxxPE",
          "vendor": "Milesight",
          "versions": [
            {
              "lessThanOrEqual": "61.8.0.5-r2",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MS-Cxx66-xxxPE",
          "vendor": "Milesight",
          "versions": [
            {
              "lessThanOrEqual": "61.8.0.5-r2",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MS-Cxx66-xxxGPE",
          "vendor": "Milesight",
          "versions": [
            {
              "lessThanOrEqual": "61.8.0.5-r2",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MS-Cxx61-xxxPE",
          "vendor": "Milesight",
          "versions": [
            {
              "lessThanOrEqual": "61.8.0.5-r2",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MS-Cxx67-xxxPE",
          "vendor": "Milesight",
          "versions": [
            {
              "lessThanOrEqual": "61.8.0.5-r2",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MS-Cxx71-xxxPE",
          "vendor": "Milesight",
          "versions": [
            {
              "lessThanOrEqual": "61.8.0.5-r2",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MS-Cxx41-xxxPE",
          "vendor": "Milesight",
          "versions": [
            {
              "lessThanOrEqual": "61.8.0.5-r2",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MS-Cxx76-PE",
          "vendor": "Milesight",
          "versions": [
            {
              "lessThanOrEqual": "61.8.0.5-r2",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MS-Cxx65-PE",
          "vendor": "Milesight",
          "versions": [
            {
              "lessThanOrEqual": "61.8.0.5-r2",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MS-Cxx66-xxxG1",
          "vendor": "Milesight",
          "versions": [
            {
              "lessThanOrEqual": "63.8.0.5-r3",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MS-Cxx62-xxxG1",
          "vendor": "Milesight",
          "versions": [
            {
              "lessThanOrEqual": "63.8.0.5-r3",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MS-Cxx72-xxxG1",
          "vendor": "Milesight",
          "versions": [
            {
              "lessThanOrEqual": "63.8.0.5-r3",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MS-CQxx31-xxxG1",
          "vendor": "Milesight",
          "versions": [
            {
              "lessThanOrEqual": "CQ_63.8.0.5-r1",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MS-CQxx68-xxxG1",
          "vendor": "Milesight",
          "versions": [
            {
              "lessThanOrEqual": "CQ_63.8.0.5-r1",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MS-CQxx72-xxxG1",
          "vendor": "Milesight",
          "versions": [
            {
              "lessThanOrEqual": "CQ_63.8.0.5-r1",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MS-Nxxxx-NxE",
          "vendor": "Milesight",
          "versions": [
            {
              "lessThanOrEqual": "7x.9.0.19-r5",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MS-Nxxxx-xxC",
          "vendor": "Milesight",
          "versions": [
            {
              "lessThanOrEqual": "7x.9.0.19-r5",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MS-Nxxxx-xxE",
          "vendor": "Milesight",
          "versions": [
            {
              "lessThanOrEqual": "7x.9.0.19-r5",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MS-Nxxxx-xxG",
          "vendor": "Milesight",
          "versions": [
            {
              "lessThanOrEqual": "7x.9.0.19-r5",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MS-Nxxxx-xxH",
          "vendor": "Milesight",
          "versions": [
            {
              "lessThanOrEqual": "7x.9.0.19-r5",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MS-Nxxxx-xxT",
          "vendor": "Milesight",
          "versions": [
            {
              "lessThanOrEqual": "7x.9.0.19-r5",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PMC8266-FPE",
          "vendor": "Milesight",
          "versions": [
            {
              "lessThanOrEqual": "PO_61.8.0.4_LPR",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PMC8266-FGPE",
          "vendor": "Milesight",
          "versions": [
            {
              "lessThanOrEqual": "PO_61.8.0.4_LPR",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PM3322-E",
          "vendor": "Milesight",
          "versions": [
            {
              "lessThanOrEqual": "PI_61.8.0.3_LPR-r3",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "TS4466-X4RIPG1",
          "vendor": "Milesight",
          "versions": [
            {
              "lessThanOrEqual": "T_63.8.0.4_LPR-r3",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "TS5366-X12RIPG1",
          "vendor": "Milesight",
          "versions": [
            {
              "lessThanOrEqual": "T_63.8.0.4_LPR-r3",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "TS8266-X4RIPG1",
          "vendor": "Milesight",
          "versions": [
            {
              "lessThanOrEqual": "T_63.8.0.4_LPR-r3",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "TS4466-X4RIVPG1",
          "vendor": "Milesight",
          "versions": [
            {
              "lessThanOrEqual": "T_63.8.0.4_LPR-r3",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "TS4466-RFIVPG1",
          "vendor": "Milesight",
          "versions": [
            {
              "lessThanOrEqual": "T_63.8.0.4_LPR-r3",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "TS8266-X4RIVPG1",
          "vendor": "Milesight",
          "versions": [
            {
              "lessThanOrEqual": "T_63.8.0.4_LPR-r3",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "TS8266-RFIVPG1",
          "vendor": "Milesight",
          "versions": [
            {
              "lessThanOrEqual": "T_63.8.0.4_LPR-r3",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "TS4466-X4RIWG1",
          "vendor": "Milesight",
          "versions": [
            {
              "lessThanOrEqual": "T_63.8.0.4_LPR-r3",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "TS8266-X4RIWG1",
          "vendor": "Milesight",
          "versions": [
            {
              "lessThanOrEqual": "T_63.8.0.4_LPR-r3",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "TS5510-GVH",
          "vendor": "Milesight",
          "versions": [
            {
              "lessThanOrEqual": "T_47.8.0.4_LPR-r7",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "TS5510-GH",
          "vendor": "Milesight",
          "versions": [
            {
              "lessThanOrEqual": "T_47.8.0.4_LPR-r6",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "TS5511-GVH",
          "vendor": "Milesight",
          "versions": [
            {
              "lessThanOrEqual": "T_47.8.0.4_LPR-r6",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "TS2966-X12TPE",
          "vendor": "Milesight",
          "versions": [
            {
              "lessThanOrEqual": "T_61.8.0.4_LPR-r3",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "TS4466-X4RPE",
          "vendor": "Milesight",
          "versions": [
            {
              "lessThanOrEqual": "T_61.8.0.4_LPR-r3",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "TS5366-X12PE",
          "vendor": "Milesight",
          "versions": [
            {
              "lessThanOrEqual": "T_61.8.0.4_LPR-r3",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "TS8266-X4PE",
          "vendor": "Milesight",
          "versions": [
            {
              "lessThanOrEqual": "T_61.8.0.4_LPR-r3",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "TS2966-X12TVPE",
          "vendor": "Milesight",
          "versions": [
            {
              "lessThanOrEqual": "T_61.8.0.4_LPR-r3",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "TS4466-X4RVPE",
          "vendor": "Milesight",
          "versions": [
            {
              "lessThanOrEqual": "T_61.8.0.4_LPR-r3",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "TS5366-X12VPE",
          "vendor": "Milesight",
          "versions": [
            {
              "lessThanOrEqual": "T_61.8.0.4_LPR-r3",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "TS8266-X4VPE",
          "vendor": "Milesight",
          "versions": [
            {
              "lessThanOrEqual": "T_61.8.0.4_LPR-r3",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "TS4441-X36RPE",
          "vendor": "Milesight",
          "versions": [
            {
              "lessThanOrEqual": "T_61.8.0.4_LPR-r3",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "TS4441-X36RE",
          "vendor": "Milesight",
          "versions": [
            {
              "lessThanOrEqual": "T_61.8.0.4_LPR-r3",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "TS4466-X4RWE",
          "vendor": "Milesight",
          "versions": [
            {
              "lessThanOrEqual": "T_61.8.0.4_LPR-r3",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "TS8266-X4WE",
          "vendor": "Milesight",
          "versions": [
            {
              "lessThanOrEqual": "T_61.8.0.4_LPR-r3",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MS-C2964-RFLPC",
          "vendor": "Milesight",
          "versions": [
            {
              "lessThanOrEqual": "T_45.8.0.3-r9",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MS-C2972-RFLPC",
          "vendor": "Milesight",
          "versions": [
            {
              "lessThanOrEqual": "T_45.8.0.3-r9",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MS-C2966-RFLWPC",
          "vendor": "Milesight",
          "versions": [
            {
              "lessThanOrEqual": "T_45.8.0.3-r9",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "TS2866-X4TPC",
          "vendor": "Milesight",
          "versions": [
            {
              "lessThanOrEqual": "T_45.8.0.3-r9",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "TS2866-X4TVPC",
          "vendor": "Milesight",
          "versions": [
            {
              "lessThanOrEqual": "T_45.8.0.3-r9",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "TS2866-X4TGPC",
          "vendor": "Milesight",
          "versions": [
            {
              "lessThanOrEqual": "T_45.8.0.3-r9",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "TS2841-X36TPC",
          "vendor": "Milesight",
          "versions": [
            {
              "lessThanOrEqual": "T_45.8.0.3-r9",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "TS2841-X36TPC/W",
          "vendor": "Milesight",
          "versions": [
            {
              "lessThanOrEqual": "T_45.8.0.3-r9",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "TS2867-X5TPC",
          "vendor": "Milesight",
          "versions": [
            {
              "lessThanOrEqual": "T_45.8.0.3-r9",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "TS2961-X12TPC",
          "vendor": "Milesight",
          "versions": [
            {
              "lessThanOrEqual": "T_45.8.0.3-r9",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "TS8266-FPC/P",
          "vendor": "Milesight",
          "versions": [
            {
              "lessThanOrEqual": "T_45.8.0.3-r9",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MS-C2966-X12RLPC",
          "vendor": "Milesight",
          "versions": [
            {
              "lessThanOrEqual": "T_45.8.0.3-r9",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MS-C2966-X12RLVPC",
          "vendor": "Milesight",
          "versions": [
            {
              "lessThanOrEqual": "T_45.8.0.3-r9",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MS-C5366-X12LPC",
          "vendor": "Milesight",
          "versions": [
            {
              "lessThanOrEqual": "T_45.8.0.3-r9",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MS-C5366-X12LVPC",
          "vendor": "Milesight",
          "versions": [
            {
              "lessThanOrEqual": "T_45.8.0.3-r9",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MS-C5361-X12LPC",
          "vendor": "Milesight",
          "versions": [
            {
              "lessThanOrEqual": "T_45.8.0.3-r9",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MS-Cxx66-xxxxGOPC",
          "vendor": "Milesight",
          "versions": [
            {
              "lessThanOrEqual": "45.8.0.2-AIoT-r4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "SC211",
          "vendor": "Milesight",
          "versions": [
            {
              "lessThanOrEqual": "C_21.1.0.8-r4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "SP111",
          "vendor": "Milesight",
          "versions": [
            {
              "lessThanOrEqual": "52.8.0.4-r5",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MS-Cxx66-RFIPKG1",
          "vendor": "Milesight",
          "versions": [
            {
              "lessThanOrEqual": "63.8.0.4-r1-NX",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MS-Cxx72-RFIPKG1",
          "vendor": "Milesight",
          "versions": [
            {
              "lessThanOrEqual": "63.8.0.4-r1-NX",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MS-Cxx66-FIPKG1",
          "vendor": "Milesight",
          "versions": [
            {
              "lessThanOrEqual": "63.8.0.4-r1-NX",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MS-Cxx72-FIPKG1",
          "vendor": "Milesight",
          "versions": [
            {
              "lessThanOrEqual": "63.8.0.4-r1-NX",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Souvik Kandar reported these vulnerabilities to CISA"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan\u003eSpecific firmware versions of Milesight AIOT cameras use SSL certificates with default private keys.\u003c/span\u003e"
            }
          ],
          "value": "Specific firmware versions of Milesight AIOT cameras use SSL certificates with default private keys."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "PRESENT",
            "attackVector": "NETWORK",
            "baseScore": 9.2,
            "baseSeverity": "CRITICAL",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-321",
              "description": "CWE-321",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-27T23:40:25.181Z",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-113-03"
        },
        {
          "url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-113-03.json"
        },
        {
          "url": "https://www.milesight.com/support/download/firmware"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eMilesight advises all users to update their device to the latest firmware versions of PE/PC/PA found at https://www.milesight.com/support/download/firmware.\u0026nbsp;\u003cbr\u003e\u003ca href=\"https://www.milesight.com/support/download/firmware\" title=\"(opens in a new window)\"\u003ehttps://www.milesight.com/support/download/firmware\u003c/a\u003e\u003c/p\u003e\u003cp\u003eMS-Cxx63-PD: Update to 51.7.0.77-r13\u003c/p\u003e\u003cp\u003eMS-Cxx64-xPD: Update to 51.7.0.77-r13\u003c/p\u003e\u003cp\u003eMS-Cxx73-xPD: Update to 51.7.0.77-r13\u003c/p\u003e\u003cp\u003eMS-Cxx75-xxPD: Update to 51.7.0.77-r13\u003c/p\u003e\u003cp\u003eMS-Cxx83-xPD: Update to 51.7.0.77-r13\u003c/p\u003e\u003cp\u003eMS-Cxx74-PA: Update to 3x.8.0.3-r13\u003c/p\u003e\u003cp\u003eMS-C8477-HPG1: Update to 63.8.0.4-r4\u003c/p\u003e\u003cp\u003e\u0026nbsp;MS-C8477-PC: Update to 48.8.0.4-r4\u003c/p\u003e\u003cp\u003eMS-C5321-FPE: Update to 62.8.0.4-r6\u003c/p\u003e\u003cp\u003eMS-Cxx72-xxxPE: Update to 61.8.0.5-r2\u003c/p\u003e\u003cp\u003eMS-Cxx62-xxxPE: Update to 61.8.0.5-r2\u003c/p\u003e\u003cp\u003eMS-Cxx52-xxxPE: Update to 61.8.0.5-r2\u003c/p\u003e\u003cp\u003eMS-Cxx66-xxxPE: Update to 61.8.0.5-r2\u003c/p\u003e\u003cp\u003eMS-Cxx66-xxxGPE: Update to 61.8.0.5-r2\u003c/p\u003e\u003cp\u003eMS-Cxx61-xxxPE: Update to 61.8.0.5-r2\u003c/p\u003e\u003cp\u003eMS-Cxx67-xxxPE: Update to 61.8.0.5-r2\u003c/p\u003e\u003cp\u003eMS-Cxx71-xxxPE: Update to 61.8.0.5-r2\u003c/p\u003e\u003cp\u003eMS-Cxx41-xxxPE: Update to 61.8.0.5-r2\u003c/p\u003e\u003cp\u003eMS-Cxx76-PE: Update to 61.8.0.5-r2\u003c/p\u003e\u003cp\u003eMS-Cxx65-PE: Update to 61.8.0.5-r2\u003c/p\u003e\u003cp\u003eMS-Cxx66-xxxG1: Update to 63.8.0.5-r4\u003c/p\u003e\u003cp\u003eMS-Cxx62-xxxG1: Update to 63.8.0.5-r4\u003c/p\u003e\u003cp\u003eMS-Cxx72-xxxG1: Update to 63.8.0.5-r4\u003c/p\u003e\u003cp\u003eMS-CQxx31-xxxG1: Update to CQ_63.8.0.5-r2\u0026nbsp;\u003c/p\u003e\u003cp\u003eMS-CQxx68-xxxG1: Update to CQ_63.8.0.5-r2\u003c/p\u003e\u003cp\u003eMS-CQxx72-xxxG1: Update to CQ_63.8.0.5-r2\u003c/p\u003e\u003cp\u003eMS-Nxxxx-NxE: Update to 7x.9.0.19-r6\u003c/p\u003e\u003cp\u003eMS-Nxxxx-xxC: Update to 7x.9.0.19-r6\u003c/p\u003e\u003cp\u003eMS-Nxxxx-xxE: Update to 7x.9.0.19-r6\u003c/p\u003e\u003cp\u003eMS-Nxxxx-xxG: Update to 7x.9.0.19-r6\u003c/p\u003e\u003cp\u003eMS-Nxxxx-xxH: Update to 7x.9.0.19-r6\u003c/p\u003e\u003cp\u003eMS-Nxxxx-xxT: Update to 7x.9.0.19-r6\u003c/p\u003e\u003cp\u003ePMC8266-FPE: Update to PO_61.8.0.4-r1\u003c/p\u003e\u003cp\u003ePMC8266-FGPE: Update to PO_61.8.0.4-r1\u003c/p\u003e\u003cp\u003ePM3322-E: Update to PI_61.8.0.3-r5\u003c/p\u003e\u003cp\u003eTS4466-X4RIPG1: Update to T_63.8.0.4-r4\u0026nbsp;\u003c/p\u003e\u003cp\u003eTS5366-X12RIPG1: Update to T_63.8.0.4-r4\u003c/p\u003e\u003cp\u003eTS8266-X4RIPG1: Update to T_63.8.0.4-r4\u003c/p\u003e\u003cp\u003eTS4466-X4RIVPG1: Update to T_63.8.0.4-r4\u003c/p\u003e\u003cp\u003eTS4466-RFIVPG1: Update to T_63.8.0.4-r4\u003c/p\u003e\u003cp\u003eTS8266-X4RIVPG1: Update to T_63.8.0.4-r4\u003c/p\u003e\u003cp\u003eTS8266-RFIVPG1: Update to T_63.8.0.4-r4\u003c/p\u003e\u003cp\u003eTS4466-X4RIWG1: Update to T_63.8.0.4-r4\u003c/p\u003e\u003cp\u003eTS8266-X4RIWG1: Update to T_63.8.0.4-r4\u003c/p\u003e\u003cp\u003eTS5510-GVH: Update to T_47.8.0.4-r8\u003c/p\u003e\u003cp\u003eTS5510-GH: Update to T_47.8.0.4-r8\u003c/p\u003e\u003cp\u003eTS5511-GVH: Update to T_47.8.0.4-r8\u003c/p\u003e\u003cp\u003eTS2966-X12TPE: Update to T_61.8.0.4-r4\u003c/p\u003e\u003cp\u003eTS4466-X4RPE: Update to T_61.8.0.4-r4\u003c/p\u003e\u003cp\u003eTS5366-X12PE: Update to T_61.8.0.4-r4\u003c/p\u003e\u003cp\u003eTS8266-X4PE: Update to T_61.8.0.4-r4\u003c/p\u003e\u003cp\u003eTS2966-X12TVPE: Update to T_61.8.0.4-r4\u003c/p\u003e\u003cp\u003eTS4466-X4RVPE: Update to T_61.8.0.4-r4\u003c/p\u003e\u003cp\u003eTS5366-X12VPE: Update to T_61.8.0.4-r4\u003c/p\u003e\u003cp\u003eTS8266-X4VPE: Update to T_61.8.0.4-r4\u003c/p\u003e\u003cp\u003eTS4441-X36RPE: Update to T_61.8.0.4-r4\u003c/p\u003e\u003cp\u003eTS4441-X36RE: Update to T_61.8.0.4-r4\u003c/p\u003e\u003cp\u003eTS4466-X4RWE: Update to T_61.8.0.4-r4\u003c/p\u003e\u003cp\u003eTS8266-X4WE: Update to T_61.8.0.4-r4\u003c/p\u003e\u003cp\u003eMS-C2964-RFLPC: Update to T_45.8.0.3-r10\u003c/p\u003e\u003cp\u003eMS-C2972-RFLPC: Update to T_45.8.0.3-r10\u003c/p\u003e\u003cp\u003eMS-C2966-RFLWPC: Update to T_45.8.0.3-r10\u003c/p\u003e\u003cp\u003eTS2866-X4TPC: Update to T_45.8.0.3-r10\u003c/p\u003e\u003cp\u003eTS2866-X4TVPC: Update to T_45.8.0.3-r10\u003c/p\u003e\u003cp\u003eTS2866-X4TGPC: Update to T_45.8.0.3-r10\u003c/p\u003e\u003cp\u003eTS2841-X36TPC: Update to T_45.8.0.3-r10\u003c/p\u003e\u003cp\u003eTS2841-X36TPC/W: Update to T_45.8.0.3-r10\u003c/p\u003e\u003cp\u003eTS2867-X5TPC: Update to T_45.8.0.3-r10\u003c/p\u003e\u003cp\u003eTS2961-X12TPC: Update to T_45.8.0.3-r10\u003c/p\u003e\u003cp\u003eTS8266-FPC/P: Update to T_45.8.0.3-r10\u003c/p\u003e\u003cp\u003eMS-C2966-X12RLPC: Update to T_45.8.0.3-r10\u003c/p\u003e\u003cp\u003eMS-C2966-X12RLVPC: Update to T_45.8.0.3-r10\u003c/p\u003e\u003cp\u003eMS-C5366-X12LPC: Update to T_45.8.0.3-r10\u003c/p\u003e\u003cp\u003eMS-C5366-X12LVPC: Update to T_45.8.0.3-r10\u003c/p\u003e\u003cp\u003eMS-C5361-X12LPC: Update to T_45.8.0.3-r10\u003c/p\u003e\u003cp\u003eMS-Cxx66-xxxxGOPC: Update to 45.8.0.2-AIoT-r5\u003c/p\u003e\u003cp\u003eSC211: Update to C_21.1.0.8-r5\u003c/p\u003e\u003cp\u003eSP111: Update to 52.8.0.4-r6\u003c/p\u003e\u003cp\u003eMS-Cxx66-RFIPKG1: Update to 63.8.0.5-r2-NX\u003c/p\u003e\u003cp\u003eMS-Cxx72-RFIPKG1: Update to 63.8.0.5-r2-NX\u003c/p\u003e\u003cp\u003eMS-Cxx66-FIPKG1: Update to 63.8.0.5-r2-NX\u003c/p\u003e\u003cp\u003eMS-Cxx72-FIPKG1: Update to 63.8.0.5-r2-NX\u003c/p\u003e"
            }
          ],
          "value": "Milesight advises all users to update their device to the latest firmware versions of PE/PC/PA found at https://www.milesight.com/support/download/firmware.\u00a0\n https://www.milesight.com/support/download/firmware \n\nMS-Cxx63-PD: Update to 51.7.0.77-r13\n\nMS-Cxx64-xPD: Update to 51.7.0.77-r13\n\nMS-Cxx73-xPD: Update to 51.7.0.77-r13\n\nMS-Cxx75-xxPD: Update to 51.7.0.77-r13\n\nMS-Cxx83-xPD: Update to 51.7.0.77-r13\n\nMS-Cxx74-PA: Update to 3x.8.0.3-r13\n\nMS-C8477-HPG1: Update to 63.8.0.4-r4\n\n\u00a0MS-C8477-PC: Update to 48.8.0.4-r4\n\nMS-C5321-FPE: Update to 62.8.0.4-r6\n\nMS-Cxx72-xxxPE: Update to 61.8.0.5-r2\n\nMS-Cxx62-xxxPE: Update to 61.8.0.5-r2\n\nMS-Cxx52-xxxPE: Update to 61.8.0.5-r2\n\nMS-Cxx66-xxxPE: Update to 61.8.0.5-r2\n\nMS-Cxx66-xxxGPE: Update to 61.8.0.5-r2\n\nMS-Cxx61-xxxPE: Update to 61.8.0.5-r2\n\nMS-Cxx67-xxxPE: Update to 61.8.0.5-r2\n\nMS-Cxx71-xxxPE: Update to 61.8.0.5-r2\n\nMS-Cxx41-xxxPE: Update to 61.8.0.5-r2\n\nMS-Cxx76-PE: Update to 61.8.0.5-r2\n\nMS-Cxx65-PE: Update to 61.8.0.5-r2\n\nMS-Cxx66-xxxG1: Update to 63.8.0.5-r4\n\nMS-Cxx62-xxxG1: Update to 63.8.0.5-r4\n\nMS-Cxx72-xxxG1: Update to 63.8.0.5-r4\n\nMS-CQxx31-xxxG1: Update to CQ_63.8.0.5-r2\u00a0\n\nMS-CQxx68-xxxG1: Update to CQ_63.8.0.5-r2\n\nMS-CQxx72-xxxG1: Update to CQ_63.8.0.5-r2\n\nMS-Nxxxx-NxE: Update to 7x.9.0.19-r6\n\nMS-Nxxxx-xxC: Update to 7x.9.0.19-r6\n\nMS-Nxxxx-xxE: Update to 7x.9.0.19-r6\n\nMS-Nxxxx-xxG: Update to 7x.9.0.19-r6\n\nMS-Nxxxx-xxH: Update to 7x.9.0.19-r6\n\nMS-Nxxxx-xxT: Update to 7x.9.0.19-r6\n\nPMC8266-FPE: Update to PO_61.8.0.4-r1\n\nPMC8266-FGPE: Update to PO_61.8.0.4-r1\n\nPM3322-E: Update to PI_61.8.0.3-r5\n\nTS4466-X4RIPG1: Update to T_63.8.0.4-r4\u00a0\n\nTS5366-X12RIPG1: Update to T_63.8.0.4-r4\n\nTS8266-X4RIPG1: Update to T_63.8.0.4-r4\n\nTS4466-X4RIVPG1: Update to T_63.8.0.4-r4\n\nTS4466-RFIVPG1: Update to T_63.8.0.4-r4\n\nTS8266-X4RIVPG1: Update to T_63.8.0.4-r4\n\nTS8266-RFIVPG1: Update to T_63.8.0.4-r4\n\nTS4466-X4RIWG1: Update to T_63.8.0.4-r4\n\nTS8266-X4RIWG1: Update to T_63.8.0.4-r4\n\nTS5510-GVH: Update to T_47.8.0.4-r8\n\nTS5510-GH: Update to T_47.8.0.4-r8\n\nTS5511-GVH: Update to T_47.8.0.4-r8\n\nTS2966-X12TPE: Update to T_61.8.0.4-r4\n\nTS4466-X4RPE: Update to T_61.8.0.4-r4\n\nTS5366-X12PE: Update to T_61.8.0.4-r4\n\nTS8266-X4PE: Update to T_61.8.0.4-r4\n\nTS2966-X12TVPE: Update to T_61.8.0.4-r4\n\nTS4466-X4RVPE: Update to T_61.8.0.4-r4\n\nTS5366-X12VPE: Update to T_61.8.0.4-r4\n\nTS8266-X4VPE: Update to T_61.8.0.4-r4\n\nTS4441-X36RPE: Update to T_61.8.0.4-r4\n\nTS4441-X36RE: Update to T_61.8.0.4-r4\n\nTS4466-X4RWE: Update to T_61.8.0.4-r4\n\nTS8266-X4WE: Update to T_61.8.0.4-r4\n\nMS-C2964-RFLPC: Update to T_45.8.0.3-r10\n\nMS-C2972-RFLPC: Update to T_45.8.0.3-r10\n\nMS-C2966-RFLWPC: Update to T_45.8.0.3-r10\n\nTS2866-X4TPC: Update to T_45.8.0.3-r10\n\nTS2866-X4TVPC: Update to T_45.8.0.3-r10\n\nTS2866-X4TGPC: Update to T_45.8.0.3-r10\n\nTS2841-X36TPC: Update to T_45.8.0.3-r10\n\nTS2841-X36TPC/W: Update to T_45.8.0.3-r10\n\nTS2867-X5TPC: Update to T_45.8.0.3-r10\n\nTS2961-X12TPC: Update to T_45.8.0.3-r10\n\nTS8266-FPC/P: Update to T_45.8.0.3-r10\n\nMS-C2966-X12RLPC: Update to T_45.8.0.3-r10\n\nMS-C2966-X12RLVPC: Update to T_45.8.0.3-r10\n\nMS-C5366-X12LPC: Update to T_45.8.0.3-r10\n\nMS-C5366-X12LVPC: Update to T_45.8.0.3-r10\n\nMS-C5361-X12LPC: Update to T_45.8.0.3-r10\n\nMS-Cxx66-xxxxGOPC: Update to 45.8.0.2-AIoT-r5\n\nSC211: Update to C_21.1.0.8-r5\n\nSP111: Update to 52.8.0.4-r6\n\nMS-Cxx66-RFIPKG1: Update to 63.8.0.5-r2-NX\n\nMS-Cxx72-RFIPKG1: Update to 63.8.0.5-r2-NX\n\nMS-Cxx66-FIPKG1: Update to 63.8.0.5-r2-NX\n\nMS-Cxx72-FIPKG1: Update to 63.8.0.5-r2-NX"
        },
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eMilesight asks all users to report potential security vulnerabilities to security@milesight.com.\u003cbr\u003e\u003ca href=\"mailto:security@milesight.com\"\u003emailto:security@milesight.com\u003c/a\u003e\u003cbr\u003eLearn more: Milesight Vulnerability Reporting Policy\u003cbr\u003e\u003ca href=\"https://www.milesight.com/legal/vulnerability-report\" title=\"(opens in a new window)\"\u003ehttps://www.milesight.com/legal/vulnerability-report\u003c/a\u003e\u003c/p\u003e"
            }
          ],
          "value": "Milesight asks all users to report potential security vulnerabilities to security@milesight.com.\n mailto:security@milesight.com \nLearn more: Milesight Vulnerability Reporting Policy\n https://www.milesight.com/legal/vulnerability-report"
        }
      ],
      "source": {
        "advisory": "ICSA-26-113-03",
        "discovery": "EXTERNAL"
      },
      "title": "Milesight Cameras Use of Hard-coded Cryptographic Key",
      "x_generator": {
        "engine": "Vulnogram 1.0.1"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2026-32644",
    "datePublished": "2026-04-27T23:40:25.181Z",
    "dateReserved": "2026-03-12T17:51:09.896Z",
    "dateUpdated": "2026-04-28T14:45:19.107Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-32324 (GCVE-0-2026-32324)

Vulnerability from cvelistv5 – Published: 2026-04-17 19:22 – Updated: 2026-04-17 20:10
VLAI
Title
Anviz CX7 Firmware Use of Hard-coded Cryptographic Key
Summary
Anviz CX7 Firmware is  vulnerable because the application embeds reusable certificate/key material, enabling decryption of MQTT traffic and potential interaction with device messaging channels at scale.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-321 - Use of Hard-coded Cryptographic Key
Assigner
Impacted products
Vendor Product Version
Anviz Anviz CX7 Firmware Affected: All versions
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-32324",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-17T20:10:33.419297Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-17T20:10:48.189Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Anviz CX7 Firmware",
          "vendor": "Anviz",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Anviz CX7 Firmware\u0026nbsp;is\u0026nbsp;\nvulnerable because the application embeds reusable certificate/key \nmaterial, enabling decryption of MQTT traffic and potential interaction \nwith device messaging channels at scale."
            }
          ],
          "value": "Anviz CX7 Firmware\u00a0is\u00a0\nvulnerable because the application embeds reusable certificate/key \nmaterial, enabling decryption of MQTT traffic and potential interaction \nwith device messaging channels at scale."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 7.7,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-321",
              "description": "CWE-321 Use of Hard-coded Cryptographic Key",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-17T19:22:12.097Z",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "url": "https://www.anviz.com/contact-us.html"
        },
        {
          "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-106-03"
        },
        {
          "url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-106-03.json"
        }
      ],
      "source": {
        "advisory": "ICSA-26-106-03",
        "discovery": "EXTERNAL"
      },
      "title": "Anviz CX7 Firmware Use of Hard-coded Cryptographic Key",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Anviz did not respond to CISA\u0027s attempts to coordinate these \nvulnerabilities. Users should contact Anviz for more information at \nhttps://www.anviz.com/contact-us.html."
            }
          ],
          "value": "Anviz did not respond to CISA\u0027s attempts to coordinate these \nvulnerabilities. Users should contact Anviz for more information at \nhttps://www.anviz.com/contact-us.html."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 1.0.1"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2026-32324",
    "datePublished": "2026-04-17T19:22:12.097Z",
    "dateReserved": "2026-04-14T15:47:54.287Z",
    "dateUpdated": "2026-04-17T20:10:48.189Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-31986 (GCVE-0-2026-31986)

Vulnerability from cvelistv5 – Published: 2026-05-19 09:34 – Updated: 2026-05-19 18:37
VLAI
Title
Apache OFBiz: Unauthenticated RCE via Default JWT Signing Key and Widget Template Injection
Summary
Use of Hard-coded Cryptographic Key vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue.
SSVC
Exploitation: none Automatable: yes Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-321 - Use of Hard-coded Cryptographic Key
Assigner
Impacted products
Vendor Product Version
Apache Software Foundation Apache OFBiz Affected: 0 , < 24.09.06 (semver)
Create a notification for this product.
Credits
Lidor B / thisis0xczar of Novee Security
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 9.1,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2026-31986",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-19T13:09:03.212311Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-19T13:41:46.008Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2026-05-19T18:37:20.230Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "http://www.openwall.com/lists/oss-security/2026/05/19/25"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Apache OFBiz",
          "vendor": "Apache Software Foundation",
          "versions": [
            {
              "lessThan": "24.09.06",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "Lidor B / thisis0xczar of Novee Security"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eUse of Hard-coded Cryptographic Key vulnerability in Apache OFBiz.\u003c/p\u003e\u003cp\u003eThis issue affects Apache OFBiz: before 24.09.06.\u003c/p\u003e\u003cp\u003eUsers are recommended to upgrade to version 24.09.06, which fixes the issue.\u003c/p\u003e"
            }
          ],
          "value": "Use of Hard-coded Cryptographic Key vulnerability in Apache OFBiz.\n\nThis issue affects Apache OFBiz: before 24.09.06.\n\nUsers are recommended to upgrade to version 24.09.06, which fixes the issue."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "text": "moderate"
            },
            "type": "Textual description of severity"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-321",
              "description": "CWE-321 Use of Hard-coded Cryptographic Key",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-19T09:34:38.426Z",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.apache.org/thread/2hl9xoqm8tq8b22x6vnmtp7tg3opcqgc"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Apache OFBiz: Unauthenticated RCE via Default JWT Signing Key and Widget Template Injection",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2026-31986",
    "datePublished": "2026-05-19T09:34:38.426Z",
    "dateReserved": "2026-03-10T16:21:27.187Z",
    "dateUpdated": "2026-05-19T18:37:20.230Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Mitigation
Architecture and Design

Prevention schemes mirror that of hard-coded password storage.

No CAPEC attack patterns related to this CWE.