🎯Basically, some Milesight Cameras have weaknesses that hackers can exploit to take control or crash them.
What Happened
Milesight Cameras have been found to have multiple vulnerabilities that could lead to severe security issues. Successful exploitation of these vulnerabilities could cause the device to crash or allow remote code execution, putting users at risk.
Who's Affected
The vulnerabilities affect several models of Milesight Cameras, particularly those running specific firmware versions. The affected models include:
MS-Cxx63-PD <=51.7.0.77-r12
MS-Cxx64-xPD <=51.7.0.77-r12
MS-Cxx73-xPD <=51.7.0.77-r12
MS-Cxx75-xxPD <=51.7.0.77-r12
MS-Cxx83-xPD <=51.7.0.77-r12
And many others
What Data Was Exposed
While the specific data types exposed have not been detailed, the potential for remote code execution means that attackers could gain unauthorized access to the camera's functions, potentially leading to unauthorized video feeds or manipulation of the device.
What You Should Do
Milesight advises all users to update their devices to the latest firmware versions immediately. The updates are available on their official support page. Here are the recommended updates:
Containment
- 1.Update MS-Cxx63-PD from 51.7.0.77-r12 to 51.7.0.77-r13
- 2.Update MS-Cxx64-xPD from 51.7.0.77-r12 to 51.7.0.77-r13
Remediation
- 3.Update MS-Cxx73-xPD from 51.7.0.77-r12 to 51.7.0.77-r13
- 4.Follow similar steps for other affected models as listed in the advisory.
Background
These vulnerabilities are part of a broader concern regarding the security of Internet of Things (IoT) devices, particularly those used in critical infrastructure sectors. Users must remain vigilant and ensure their devices are regularly updated to protect against potential threats.
🔒 Pro insight: The vulnerabilities in Milesight Cameras highlight the ongoing risks associated with IoT devices in critical infrastructure sectors.
