Close Menu
    Subscribe
    Alerts

    Milesight Cameras | CISA

    adminBy No Comments6 Mins Read


    An out-of-bounds memory access vulnerability exists in specific firmware versions of Milesight AIOT cameras.

    View CVE Details

    Affected Products

    Milesight Cameras

    Vendor:
    Milesight

    Product Version:
    Milesight MS-Cxx63-PD: <=51.7.0.77-r12, Milesight MS-Cxx64-xPD: <=51.7.0.77-r12, Milesight MS-Cxx73-xPD: <=51.7.0.77-r12, Milesight MS-Cxx75-xxPD: <=51.7.0.77-r12, Milesight MS-Cxx83-xPD: <=51.7.0.77-r12, Milesight MS-Cxx74-PA: <=3x.8.0.3-r11, Milesight MS-C8477-HPG1: <=63.8.0.4-r3, Milesight MS-C8477-PC: <=48.8.0.4-r3, Milesight MS-C5321-FPE: <=62.8.0.4-r5, Milesight MS-Cxx72-xxxPE: <=61.8.0.5-r2, Milesight MS-Cxx62-xxxPE: <=61.8.0.5-r2, Milesight MS-Cxx52-xxxPE: <=61.8.0.5-r2, Milesight MS-Cxx66-xxxPE: <=61.8.0.5-r2, Milesight MS-Cxx66-xxxGPE: <=61.8.0.5-r2, Milesight MS-Cxx61-xxxPE: <=61.8.0.5-r2, Milesight MS-Cxx67-xxxPE: <=61.8.0.5-r2, Milesight MS-Cxx71-xxxPE: <=61.8.0.5-r2, Milesight MS-Cxx41-xxxPE: <=61.8.0.5-r2, Milesight MS-Cxx76-PE: <=61.8.0.5-r2, Milesight MS-Cxx65-PE: <=61.8.0.5-r2, Milesight MS-Cxx66-xxxG1: <=63.8.0.5-r3, Milesight MS-Cxx62-xxxG1: <=63.8.0.5-r3, Milesight MS-Cxx72-xxxG1: <=63.8.0.5-r3, Milesight MS-CQxx31-xxxG1: <=CQ_63.8.0.5-r1, Milesight MS-CQxx68-xxxG1: <=CQ_63.8.0.5-r1, Milesight MS-CQxx72-xxxG1: <=CQ_63.8.0.5-r1, Milesight MS-Nxxxx-NxE: <=7x.9.0.19-r5, Milesight MS-Nxxxx-xxC: <=7x.9.0.19-r5, Milesight MS-Nxxxx-xxE: <=7x.9.0.19-r5, Milesight MS-Nxxxx-xxG: <=7x.9.0.19-r5, Milesight MS-Nxxxx-xxH: <=7x.9.0.19-r5, Milesight MS-Nxxxx-xxT: <=7x.9.0.19-r5, Milesight PMC8266-FPE: <=PO_61.8.0.4_LPR, Milesight PMC8266-FGPE: <=PO_61.8.0.4_LPR, Milesight PM3322-E: <=PI_61.8.0.3_LPR-r3, Milesight TS4466-X4RIPG1: <=T_63.8.0.4_LPR-r3, Milesight TS5366-X12RIPG1: <=T_63.8.0.4_LPR-r3, Milesight TS8266-X4RIPG1: <=T_63.8.0.4_LPR-r3, Milesight TS4466-X4RIVPG1: <=T_63.8.0.4_LPR-r3, Milesight TS4466-RFIVPG1: <=T_63.8.0.4_LPR-r3, Milesight TS8266-X4RIVPG1: <=T_63.8.0.4_LPR-r3, Milesight TS8266-RFIVPG1: <=T_63.8.0.4_LPR-r3, Milesight TS4466-X4RIWG1: <=T_63.8.0.4_LPR-r3, Milesight TS8266-X4RIWG1: <=T_63.8.0.4_LPR-r3, Milesight TS5510-GVH: <=T_47.8.0.4_LPR-r7, Milesight TS5510-GH: <=T_47.8.0.4_LPR-r6, Milesight TS5511-GVH: <=T_47.8.0.4_LPR-r6, Milesight TS2966-X12TPE: <=T_61.8.0.4_LPR-r3, Milesight TS4466-X4RPE: <=T_61.8.0.4_LPR-r3, Milesight TS5366-X12PE: <=T_61.8.0.4_LPR-r3, Milesight TS8266-X4PE: <=T_61.8.0.4_LPR-r3, Milesight TS2966-X12TVPE: <=T_61.8.0.4_LPR-r3, Milesight TS4466-X4RVPE: <=T_61.8.0.4_LPR-r3, Milesight TS5366-X12VPE: <=T_61.8.0.4_LPR-r3, Milesight TS8266-X4VPE: <=T_61.8.0.4_LPR-r3, Milesight TS4441-X36RPE: <=T_61.8.0.4_LPR-r3, Milesight TS4441-X36RE: <=T_61.8.0.4_LPR-r3, Milesight TS4466-X4RWE: <=T_61.8.0.4_LPR-r3, Milesight TS8266-X4WE: <=T_61.8.0.4_LPR-r3, Milesight MS-C2964-RFLPC: <=T_45.8.0.3-r9, Milesight MS-C2972-RFLPC: <=T_45.8.0.3-r9, Milesight MS-C2966-RFLWPC: <=T_45.8.0.3-r9, Milesight TS2866-X4TPC: <=T_45.8.0.3-r9, Milesight TS2866-X4TVPC: <=T_45.8.0.3-r9, Milesight TS2866-X4TGPC: <=T_45.8.0.3-r9, Milesight TS2841-X36TPC: <=T_45.8.0.3-r9, Milesight TS2841-X36TPC/W: <=T_45.8.0.3-r9, Milesight TS2867-X5TPC: <=T_45.8.0.3-r9, Milesight TS2961-X12TPC: <=T_45.8.0.3-r9, Milesight TS8266-FPC/P: <=T_45.8.0.3-r9, Milesight MS-C2966-X12RLPC: <=T_45.8.0.3-r9, Milesight MS-C2966-X12RLVPC: <=T_45.8.0.3-r9, Milesight MS-C5366-X12LPC: <=T_45.8.0.3-r9, Milesight MS-C5366-X12LVPC: <=T_45.8.0.3-r9, Milesight MS-C5361-X12LPC: <=T_45.8.0.3-r9, Milesight MS-Cxx66-xxxxGOPC: <=45.8.0.2-AIoT-r4, Milesight SC211: <=C_21.1.0.8-r4, Milesight SP111: <=52.8.0.4-r5, Milesight MS-Cxx66-RFIPKG1: <=63.8.0.4-r1-NX, Milesight MS-Cxx72-RFIPKG1: <=63.8.0.4-r1-NX, Milesight MS-Cxx66-FIPKG1: <=63.8.0.4-r1-NX, Milesight MS-Cxx72-FIPKG1: <=63.8.0.4-r1-NX

    Product Status:
    known_affected

    Remediations

    Mitigation
    Milesight advises all users to update their device to the latest firmware versions of PE/PC/PA found at https://www.milesight.com/support/download/firmware. 
    https://www.milesight.com/support/download/firmware

    Vendor fix
    MS-Cxx63-PD: 51.7.0.77-r12 and prior versions: Update to 51.7.0.77-r13

    Vendor fix
    MS-Cxx64-xPD: 51.7.0.77-r12 and prior versions: Update to 51.7.0.77-r13

    Vendor fix
    MS-Cxx73-xPD: 51.7.0.77-r12 and prior versions: Update to 51.7.0.77-r13

    Vendor fix
    MS-Cxx75-xxPD: 51.7.0.77-r12 and prior versions: Update to 51.7.0.77-r13

    Vendor fix
    MS-Cxx83-xPD: 51.7.0.77-r12 and prior versions: Update to 51.7.0.77-r13

    Vendor fix
    MS-Cxx74-PA: 3x.8.0.3-r11 and prior versions: Update to 3x.8.0.3-r13

    Vendor fix
    MS-C8477-HPG1: 63.8.0.4-r3 and prior versions: Update to 63.8.0.4-r4

    Vendor fix
    MS-C8477-PC: 48.8.0.4-r3 and prior versions: Update to 48.8.0.4-r4

    Vendor fix
    MS-C5321-FPE: 62.8.0.4-r5 and prior versions: Update to 62.8.0.4-r6

    Vendor fix
    MS-Cxx72-xxxPE: 61.8.0.5-r2 and prior versions: Update to 61.8.0.5-r2

    Vendor fix
    MS-Cxx62-xxxPE: 61.8.0.5-r2 and prior versions: Update to 61.8.0.5-r2

    Vendor fix
    MS-Cxx52-xxxPE: 61.8.0.5-r2 and prior versions: Update to 61.8.0.5-r2

    Vendor fix
    MS-Cxx66-xxxPE: 61.8.0.5-r2 and prior versions: Update to 61.8.0.5-r2

    Vendor fix
    MS-Cxx66-xxxGPE: 61.8.0.5-r2 and prior versions: Update to 61.8.0.5-r2

    Vendor fix
    MS-Cxx61-xxxPE: 61.8.0.5-r2 and prior versions: Update to 61.8.0.5-r2

    Vendor fix
    MS-Cxx67-xxxPE: 61.8.0.5-r2 and prior versions: Update to 61.8.0.5-r2

    Vendor fix
    MS-Cxx71-xxxPE: 61.8.0.5-r2 and prior versions: Update to 61.8.0.5-r2

    Vendor fix
    MS-Cxx41-xxxPE: 61.8.0.5-r2 and prior versions: Update to 61.8.0.5-r2

    Vendor fix
    MS-Cxx76-PE: 61.8.0.5-r2 and prior versions: Update to 61.8.0.5-r2

    Vendor fix
    MS-Cxx65-PE: 61.8.0.5-r2 and prior versions: Update to 61.8.0.5-r2

    Vendor fix
    MS-Cxx66-xxxG1: 63.8.0.5-r3 and prior versions: Update to 63.8.0.5-r4

    Vendor fix
    MS-Cxx62-xxxG1: 63.8.0.5-r3 and prior versions: Update to 63.8.0.5-r4

    Vendor fix
    MS-Cxx72-xxxG1: 63.8.0.5-r3 and prior versions: Update to 63.8.0.5-r4

    Vendor fix
    MS-CQxx31-xxxG1: CQ_63.8.0.5-r1 and prior versions: Update to CQ_63.8.0.5-r2

    Vendor fix
    MS-CQxx68-xxxG1: CQ_63.8.0.5-r1 and prior versions: Update to CQ_63.8.0.5-r2

    Vendor fix
    MS-CQxx72-xxxG1: CQ_63.8.0.5-r1 and prior versions: Update to CQ_63.8.0.5-r2

    Vendor fix
    MS-Nxxxx-NxE: 7x.9.0.19-r5 and prior versions: Update to 7x.9.0.19-r6

    Vendor fix
    MS-Nxxxx-xxC: 7x.9.0.19-r5 and prior versions: Update to 7x.9.0.19-r6

    Vendor fix
    MS-Nxxxx-xxE: 7x.9.0.19-r5 and prior versions: Update to 7x.9.0.19-r6

    Vendor fix
    MS-Nxxxx-xxG: 7x.9.0.19-r5 and prior versions: Update to 7x.9.0.19-r6

    Vendor fix
    MS-Nxxxx-xxH: 7x.9.0.19-r5 and prior versions: Update to 7x.9.0.19-r6

    Vendor fix
    MS-Nxxxx-xxT: 7x.9.0.19-r5 and prior versions: Update to 7x.9.0.19-r6

    Vendor fix
    PMC8266-FPE: PO_61.8.0.4_LPR and prior versions: Update to PO_61.8.0.4-r1

    Vendor fix
    PMC8266-FGPE: PO_61.8.0.4_LPR and prior versions: Update to PO_61.8.0.4-r1

    Vendor fix
    PM3322-E: PI_61.8.0.3_LPR-r3 and prior versions: Update to PI_61.8.0.3-r5

    Vendor fix
    TS4466-X4RIPG1: T_63.8.0.4_LPR-r3 and prior versions: Update to T_63.8.0.4-r4

    Vendor fix
    TS5366-X12RIPG1: T_63.8.0.4_LPR-r3 and prior versions: Update to T_63.8.0.4-r4

    Vendor fix
    TS8266-X4RIPG1: T_63.8.0.4_LPR-r3 and prior versions: Update to T_63.8.0.4-r4

    Vendor fix
    TS4466-X4RIVPG1: T_63.8.0.4_LPR-r3 and prior versions: Update to T_63.8.0.4-r4

    Vendor fix
    TS4466-RFIVPG1: T_63.8.0.4_LPR-r3 and prior versions: Update to T_63.8.0.4-r4

    Vendor fix
    TS8266-X4RIVPG1: T_63.8.0.4_LPR-r3 and prior versions: Update to T_63.8.0.4-r4

    Vendor fix
    TS8266-RFIVPG1: T_63.8.0.4_LPR-r3 and prior versions: Update to T_63.8.0.4-r4

    Vendor fix
    TS4466-X4RIWG1: T_63.8.0.4_LPR-r3 and prior versions: Update to T_63.8.0.4-r4

    Vendor fix
    TS8266-X4RIWG1: T_63.8.0.4_LPR-r3 and prior versions: Update to T_63.8.0.4-r4

    Vendor fix
    TS5510-GVH: T_47.8.0.4_LPR-r7 and prior versions: Update to T_47.8.0.4-r8

    Vendor fix
    TS5510-GH: T_47.8.0.4_LPR-r6 and prior versions: Update to T_47.8.0.4-r8

    Vendor fix
    TS5511-GVH: T_47.8.0.4_LPR-r6 and prior versions: Update to T_47.8.0.4-r8

    Vendor fix
    TS2966-X12TPE: T_61.8.0.4_LPR-r3 and prior versions: Update to T_61.8.0.4-r4

    Vendor fix
    TS4466-X4RPE: T_61.8.0.4_LPR-r3 and prior versions: Update to T_61.8.0.4-r4

    Vendor fix
    TS5366-X12PE: T_61.8.0.4_LPR-r3 and prior versions: Update to T_61.8.0.4-r4

    Vendor fix
    TS8266-X4PE: T_61.8.0.4_LPR-r3 and prior versions: Update to T_61.8.0.4-r4

    Vendor fix
    TS2966-X12TVPE: T_61.8.0.4_LPR-r3 and prior versions: Update to T_61.8.0.4-r4

    Vendor fix
    TS4466-X4RVPE: T_61.8.0.4_LPR-r3 and prior versions: Update to T_61.8.0.4-r4

    Vendor fix
    TS5366-X12VPE: T_61.8.0.4_LPR-r3 and prior versions: Update to T_61.8.0.4-r4

    Vendor fix
    TS8266-X4VPE: T_61.8.0.4_LPR-r3 and prior versions: Update to T_61.8.0.4-r4

    Vendor fix
    TS4441-X36RPE: T_61.8.0.4_LPR-r3 and prior versions: Update to T_61.8.0.4-r4

    Vendor fix
    TS4441-X36RE: T_61.8.0.4_LPR-r3 and prior versions: Update to T_61.8.0.4-r4

    Vendor fix
    TS4466-X4RWE: T_61.8.0.4_LPR-r3 and prior versions: Update to T_61.8.0.4-r4

    Vendor fix
    TS8266-X4WE: T_61.8.0.4_LPR-r3 and prior versions: Update to T_61.8.0.4-r4

    Vendor fix
    MS-C2964-RFLPC: T_45.8.0.3-r9 and prior versions: Update to T_45.8.0.3-r10

    Vendor fix
    MS-C2972-RFLPC: T_45.8.0.3-r9 and prior versions: Update to T_45.8.0.3-r10

    Vendor fix
    MS-C2966-RFLWPC: T_45.8.0.3-r9 and prior versions: Update to T_45.8.0.3-r10

    Vendor fix
    TS2866-X4TPC: T_45.8.0.3-r9 and prior versions: Update to T_45.8.0.3-r10

    Vendor fix
    TS2866-X4TVPC: T_45.8.0.3-r9 and prior versions: Update to T_45.8.0.3-r10

    Vendor fix
    TS2866-X4TGPC: T_45.8.0.3-r9 and prior versions: Update to T_45.8.0.3-r10

    Vendor fix
    TS2841-X36TPC: T_45.8.0.3-r9 and prior versions: Update to T_45.8.0.3-r10

    Vendor fix
    TS2841-X36TPC/W: T_45.8.0.3-r9 and prior versions: Update to T_45.8.0.3-r10

    Vendor fix
    TS2867-X5TPC: T_45.8.0.3-r9 and prior versions: Update to T_45.8.0.3-r10

    Vendor fix
    TS2961-X12TPC: T_45.8.0.3-r9 and prior versions: Update to T_45.8.0.3-r10

    Vendor fix
    TS8266-FPC/P: T_45.8.0.3-r9 and prior versions: Update to T_45.8.0.3-r10

    Vendor fix
    MS-C2966-X12RLPC: T_45.8.0.3-r9 and prior versions: Update to T_45.8.0.3-r10

    Vendor fix
    MS-C2966-X12RLVPC: T_45.8.0.3-r9 and prior versions: Update to T_45.8.0.3-r10

    Vendor fix
    MS-C5366-X12LPC: T_45.8.0.3-r9 and prior versions: Update to T_45.8.0.3-r10

    Vendor fix
    MS-C5366-X12LVPC: T_45.8.0.3-r9 and prior versions: Update to T_45.8.0.3-r10

    Vendor fix
    MS-C5361-X12LPC: T_45.8.0.3-r9 and prior versions: Update to T_45.8.0.3-r10

    Vendor fix
    MS-Cxx66-xxxxGOPC: 45.8.0.2-AIoT-r4 and prior versions: Update to 45.8.0.2-AIoT-r5

    Vendor fix
    SC211: C_21.1.0.8-r4 and prior versions: Update to C_21.1.0.8-r5

    Vendor fix
    SP111: 52.8.0.4-r5 and prior versions: Update to 52.8.0.4-r6

    Vendor fix
    MS-Cxx66-RFIPKG1: 63.8.0.4-r1-NX and prior versions: Update to 63.8.0.5-r2-NX

    Vendor fix
    MS-Cxx72-RFIPKG1: 63.8.0.4-r1-NX and prior versions: Update to 63.8.0.5-r2-NX

    Vendor fix
    MS-Cxx66-FIPKG1: 63.8.0.4-r1-NX and prior versions: Update to 63.8.0.5-r2-NX

    Vendor fix
    MS-Cxx72-FIPKG1: 63.8.0.4-r1-NX and prior versions: Update to 63.8.0.5-r2-NX

    Mitigation
    Milesight asks all users to report potential security vulnerabilities to security@milesight.com.
    mailto:security@milesight.com

    Mitigation
    Learn more: Milesight Vulnerability Reporting Policy
    https://www.milesight.com/legal/vulnerability-report

    Relevant CWE: CWE-122 Heap-based Buffer Overflow

    Metrics



    Source link

    Share.

    Related Posts

    Add A Comment

    Comments are closed.