Milesight Security Vulnerabilities (CVEs)

Track 38 security vulnerabilities affecting Milesight products and software.

4 Critical
34 High
CVE-2024-36389 9.8

MileSight DeviceHub uses insufficiently random values for authentication, potentially allowing attackers to bypass authentication mechanisms. This aff...

Jun 2, 2024
CVE-2024-27776 9.8

CVE-2024-27776 is a critical path traversal vulnerability in MileSight DeviceHub that allows unauthenticated attackers to execute arbitrary code on af...

Jun 2, 2024
CVE-2023-47166 8.8

This vulnerability allows attackers to upload arbitrary firmware to Milesight UR32L routers through the luci2-io file-import functionality. Attackers ...

May 1, 2024
CVE-2023-25118 7.2

This vulnerability allows authenticated attackers with high privileges to execute arbitrary code on Milesight UR32L routers by sending specially craft...

Jul 6, 2023
CVE-2023-25120 7.2

This vulnerability allows authenticated attackers with high privileges to execute arbitrary code on Milesight UR32L routers by sending specially craft...

Jul 6, 2023
CVE-2023-25122 7.2

This vulnerability allows authenticated attackers with high privileges to execute arbitrary code on Milesight UR32L routers by sending specially craft...

Jul 6, 2023
CVE-2023-25124 7.2

This vulnerability allows authenticated attackers with high privileges to execute arbitrary code on Milesight UR32L routers by sending specially craft...

Jul 6, 2023
CVE-2023-25583 7.2

Two OS command injection vulnerabilities in the zebra vlan_name functionality of Milesight UR32L routers allow remote attackers to execute arbitrary c...

Jul 6, 2023
CVE-2023-25104 7.2

This vulnerability allows authenticated attackers to execute arbitrary code on Milesight UR32L routers by sending specially crafted HTTP requests that...

Jul 6, 2023
CVE-2023-25106 7.2

Multiple buffer overflow vulnerabilities in the vtysh_ubus binary of Milesight UR32L routers allow arbitrary code execution via specially crafted HTTP...

Jul 6, 2023
CVE-2023-25108 7.2

This vulnerability allows authenticated attackers to execute arbitrary code on Milesight UR32L routers by sending specially crafted HTTP requests that...

Jul 6, 2023
CVE-2023-25110 7.2

This vulnerability allows authenticated attackers with high privileges to execute arbitrary code on Milesight UR32L routers by sending specially craft...

Jul 6, 2023
CVE-2023-25112 7.2

This vulnerability allows authenticated attackers to execute arbitrary code on Milesight UR32L routers by exploiting buffer overflows in the vtysh_ubu...

Jul 6, 2023
CVE-2023-25114 7.2

This vulnerability allows authenticated attackers with high privileges to execute arbitrary code on Milesight UR32L routers by sending specially craft...

Jul 6, 2023
CVE-2023-25116 7.2

Multiple buffer overflow vulnerabilities in the vtysh_ubus binary of Milesight UR32L routers allow arbitrary code execution via specially crafted HTTP...

Jul 6, 2023
CVE-2023-25090 7.2

This vulnerability allows authenticated attackers with high privileges to execute arbitrary code on Milesight UR32L routers by sending specially craft...

Jul 6, 2023
CVE-2023-25092 7.2

This CVE describes multiple buffer overflow vulnerabilities in the vtysh_ubus binary of Milesight UR32L routers, caused by unsafe sprintf usage. Attac...

Jul 6, 2023
CVE-2023-25094 7.2

This vulnerability allows authenticated attackers with high privileges to execute arbitrary code on Milesight UR32L routers by sending specially craft...

Jul 6, 2023
CVE-2023-25096 7.2

This vulnerability allows authenticated attackers with high privileges to execute arbitrary code on Milesight UR32L routers by sending specially craft...

Jul 6, 2023
CVE-2023-25098 7.2

This vulnerability allows authenticated attackers with high privileges to execute arbitrary code on Milesight UR32L routers by sending specially craft...

Jul 6, 2023
CVE-2023-25100 7.2

This vulnerability allows authenticated attackers with high privileges to execute arbitrary code on Milesight UR32L routers by sending specially craft...

Jul 6, 2023
CVE-2023-25102 7.2

This vulnerability allows attackers with high privileges to execute arbitrary code on Milesight UR32L routers by sending specially crafted HTTP reques...

Jul 6, 2023
CVE-2023-24519 8.8

This CVE describes two OS command injection vulnerabilities in the Milesight UR32L router's vtysh_ubus toolsh_excute functionality. Attackers can exec...

Jul 6, 2023
CVE-2023-24582 8.8

Two OS command injection vulnerabilities in Milesight UR32L routers allow remote attackers to execute arbitrary commands via specially crafted TCP pac...

Jul 6, 2023
CVE-2023-24595 7.2

This CVE describes an OS command injection vulnerability in the ys_thirdparty system_user_script functionality of Milesight UR32L routers. Attackers c...

Jul 6, 2023
CVE-2023-25082 7.2

This vulnerability allows authenticated attackers with high privileges to execute arbitrary code on Milesight UR32L routers by sending specially craft...

Jul 6, 2023
CVE-2023-25084 7.2

This vulnerability allows authenticated attackers with high privileges to execute arbitrary code on Milesight UR32L routers by sending specially craft...

Jul 6, 2023
CVE-2023-25086 7.2

This vulnerability allows authenticated attackers with high privileges to execute arbitrary code on Milesight UR32L routers by sending specially craft...

Jul 6, 2023
CVE-2023-25088 7.2

This vulnerability allows authenticated attackers with high privileges to execute arbitrary code on Milesight UR32L routers by sending specially craft...

Jul 6, 2023
CVE-2023-22371 8.1

This CVE describes an OS command injection vulnerability in Milesight VPN's liburvpn.so library that allows remote attackers to execute arbitrary comm...

Jul 6, 2023
CVE-2023-22659 7.2

This CVE describes an OS command injection vulnerability in the libzebra.so library's change_hostname function in Milesight UR32L routers. Attackers c...

Jul 6, 2023
CVE-2023-23550 7.2

This CVE describes an OS command injection vulnerability in the Milesight UR32L router's user deletion functionality. Attackers can execute arbitrary ...

Jul 6, 2023
CVE-2023-23902 9.8

A buffer overflow vulnerability in the uhttpd login functionality of Milesight UR32L routers allows remote attackers to execute arbitrary code by send...

Jul 6, 2023
CVE-2023-24018 8.8

A stack-based buffer overflow vulnerability in the libzebra.so library of Milesight UR32L routers allows authenticated attackers to execute arbitrary ...

Jul 6, 2023
CVE-2023-22299 8.8

This CVE describes an OS command injection vulnerability in the Milesight UR32L router's vtysh_ubus _get_fw_logs functionality. Attackers can execute ...

Jul 6, 2023
CVE-2023-22319 7.3

This SQL injection vulnerability in Milesight VPN v2.0.2 allows attackers to bypass authentication by sending specially crafted network requests to th...

Jul 6, 2023
CVE-2023-24506 7.5

Milesight NCR/camera version 71.8.0.6-r5 exposes credentials through an unspecified request, allowing attackers to obtain authentication information. ...

May 8, 2023
CVE-2023-30466 9.8

This vulnerability allows remote attackers to take over administrator accounts on Milesight NVR devices through a weak password reset mechanism in the...

Apr 28, 2023

Why Monitor Milesight Security Vulnerabilities?

Real-time CVE tracking: Our automated system monitors 38+ known vulnerabilities affecting Milesight products and software packages. Stay ahead of emerging threats with instant email notifications when new security issues are discovered.

Automated security monitoring: Unlike manual CVE checking, FixTheCVE automatically scans your servers and detects vulnerable Milesight packages in under 60 seconds. No agents required - completely agentless scanning that works across Milesight deployments.

Free vulnerability database: Access detailed information about every Milesight CVE including CVSS scores, severity ratings, affected versions, and actionable patch guidance. Filter by critical, high, medium, or low severity to prioritize your security remediation efforts.
