CVE-2026-20766

Summary

An out-of-bounds memory access vulnerability exists in specific firmware versions of Milesight AIOT cameras.

Affected Software

VendorProductVersion RangeStatus
MilesightMS-Cxx63-PD0 <= 51.7.0.77-r12affected
MilesightMS-Cxx64-xPD0 <= 51.7.0.77-r12affected
MilesightMS-Cxx73-xPD0 <= 51.7.0.77-r12affected
MilesightMS-Cxx75-xxPD0 <= 51.7.0.77-r12affected
MilesightMS-Cxx83-xPD0 <= 51.7.0.77-r12affected
MilesightMS-Cxx74-PA0 <= 3x.8.0.3-r11affected
MilesightMS-C8477-HPG10 <= 63.8.0.4-r3affected
MilesightMS-C8477-PC0 <= 48.8.0.4-r3affected
MilesightMS-C5321-FPE0 <= 62.8.0.4-r5affected
MilesightMS-Cxx72-xxxPE0 <= 61.8.0.5-r2affected
MilesightMS-Cxx62-xxxPE0 <= 61.8.0.5-r2affected
MilesightMS-Cxx52-xxxPE0 <= 61.8.0.5-r2affected
MilesightMS-Cxx66-xxxPE0 <= 61.8.0.5-r2affected
MilesightMS-Cxx66-xxxGPE0 <= 61.8.0.5-r2affected
MilesightMS-Cxx61-xxxPE0 <= 61.8.0.5-r2affected
MilesightMS-Cxx67-xxxPE0 <= 61.8.0.5-r2affected
MilesightMS-Cxx71-xxxPE0 <= 61.8.0.5-r2affected
MilesightMS-Cxx41-xxxPE0 <= 61.8.0.5-r2affected
MilesightMS-Cxx76-PE0 <= 61.8.0.5-r2affected
MilesightMS-Cxx65-PE0 <= 61.8.0.5-r2affected
MilesightMS-Cxx66-xxxG10 <= 63.8.0.5-r3affected
MilesightMS-Cxx62-xxxG10 <= 63.8.0.5-r3affected
MilesightMS-Cxx72-xxxG10 <= 63.8.0.5-r3affected
MilesightMS-CQxx31-xxxG10 <= CQ_63.8.0.5-r1affected
MilesightMS-CQxx68-xxxG10 <= CQ_63.8.0.5-r1affected
MilesightMS-CQxx72-xxxG10 <= CQ_63.8.0.5-r1affected
MilesightMS-Nxxxx-NxE0 <= 7x.9.0.19-r5affected
MilesightMS-Nxxxx-xxC0 <= 7x.9.0.19-r5affected
MilesightMS-Nxxxx-xxE0 <= 7x.9.0.19-r5affected
MilesightMS-Nxxxx-xxG0 <= 7x.9.0.19-r5affected
MilesightMS-Nxxxx-xxH0 <= 7x.9.0.19-r5affected
MilesightMS-Nxxxx-xxT0 <= 7x.9.0.19-r5affected
MilesightPMC8266-FPE0 <= PO_61.8.0.4_LPRaffected
MilesightPMC8266-FGPE0 <= PO_61.8.0.4_LPRaffected
MilesightPM3322-E0 <= PI_61.8.0.3_LPR-r3affected
MilesightTS4466-X4RIPG10 <= T_63.8.0.4_LPR-r3affected
MilesightTS5366-X12RIPG10 <= T_63.8.0.4_LPR-r3affected
MilesightTS8266-X4RIPG10 <= T_63.8.0.4_LPR-r3affected
MilesightTS4466-X4RIVPG10 <= T_63.8.0.4_LPR-r3affected
MilesightTS4466-RFIVPG10 <= T_63.8.0.4_LPR-r3affected
MilesightTS8266-X4RIVPG10 <= T_63.8.0.4_LPR-r3affected
MilesightTS8266-RFIVPG10 <= T_63.8.0.4_LPR-r3affected
MilesightTS4466-X4RIWG10 <= T_63.8.0.4_LPR-r3affected
MilesightTS8266-X4RIWG10 <= T_63.8.0.4_LPR-r3affected
MilesightTS5510-GVH0 <= T_47.8.0.4_LPR-r7affected
MilesightTS5510-GH0 <= T_47.8.0.4_LPR-r6affected
MilesightTS5511-GVH0 <= T_47.8.0.4_LPR-r6affected
MilesightTS2966-X12TPE0 <= T_61.8.0.4_LPR-r3affected
MilesightTS4466-X4RPE0 <= T_61.8.0.4_LPR-r3affected
MilesightTS5366-X12PE0 <= T_61.8.0.4_LPR-r3affected
MilesightTS8266-X4PE0 <= T_61.8.0.4_LPR-r3affected
MilesightTS2966-X12TVPE0 <= T_61.8.0.4_LPR-r3affected
MilesightTS4466-X4RVPE0 <= T_61.8.0.4_LPR-r3affected
MilesightTS5366-X12VPE0 <= T_61.8.0.4_LPR-r3affected
MilesightTS8266-X4VPE0 <= T_61.8.0.4_LPR-r3affected
MilesightTS4441-X36RPE0 <= T_61.8.0.4_LPR-r3affected
MilesightTS4441-X36RE0 <= T_61.8.0.4_LPR-r3affected
MilesightTS4466-X4RWE0 <= T_61.8.0.4_LPR-r3affected
MilesightTS8266-X4WE0 <= T_61.8.0.4_LPR-r3affected
MilesightMS-C2964-RFLPC0 <= T_45.8.0.3-r9affected
MilesightMS-C2972-RFLPC0 <= T_45.8.0.3-r9affected
MilesightMS-C2966-RFLWPC0 <= T_45.8.0.3-r9affected
MilesightTS2866-X4TPC0 <= T_45.8.0.3-r9affected
MilesightTS2866-X4TVPC0 <= T_45.8.0.3-r9affected
MilesightTS2866-X4TGPC0 <= T_45.8.0.3-r9affected
MilesightTS2841-X36TPC0 <= T_45.8.0.3-r9affected
MilesightTS2841-X36TPC/W0 <= T_45.8.0.3-r9affected
MilesightTS2867-X5TPC0 <= T_45.8.0.3-r9affected
MilesightTS2961-X12TPC0 <= T_45.8.0.3-r9affected
MilesightTS8266-FPC/P0 <= T_45.8.0.3-r9affected
MilesightMS-C2966-X12RLPC0 <= T_45.8.0.3-r9affected
MilesightMS-C2966-X12RLVPC0 <= T_45.8.0.3-r9affected
MilesightMS-C5366-X12LPC0 <= T_45.8.0.3-r9affected
MilesightMS-C5366-X12LVPC0 <= T_45.8.0.3-r9affected
MilesightMS-C5361-X12LPC0 <= T_45.8.0.3-r9affected
MilesightMS-Cxx66-xxxxGOPC0 <= 45.8.0.2-AIoT-r4affected
MilesightSC2110 <= C_21.1.0.8-r4affected
MilesightSP1110 <= 52.8.0.4-r5affected
MilesightMS-Cxx66-RFIPKG10 <= 63.8.0.4-r1-NXaffected
MilesightMS-Cxx72-RFIPKG10 <= 63.8.0.4-r1-NXaffected
MilesightMS-Cxx66-FIPKG10 <= 63.8.0.4-r1-NXaffected
MilesightMS-Cxx72-FIPKG10 <= 63.8.0.4-r1-NXaffected

Weaknesses

  • CWE-122: CWE-122

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References