PatchSiren cyber security CVE debrief
CVE-2026-28747 Milesight CVE debrief
CVE-2026-28747 affects specific Milesight AIOT camera firmware and involves weak key generation. CISA’s advisory points administrators to vendor firmware updates for the impacted models. Based on the supplied enrichment, it is not listed in CISA KEV, so this is best treated as a high-priority patching and asset-validation issue rather than a confirmed active-exploitation case.
- Vendor: Milesight
- Product: MS-Cxx63-PD
- CVSS: HIGH 7.1
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-04-23
- Original CVE updated: 2026-04-23
- Advisory published: 2026-04-23
- Advisory updated: 2026-04-23
Who should care
Security teams, OT/physical security operators, system integrators, and asset owners responsible for Milesight camera deployments should review this advisory, especially if they manage the listed firmware branches or devices in sensitive environments.
Technical summary
The CISA CSAF advisory describes a weak key generation vulnerability in specific Milesight AIOT camera firmware. Weak key generation can undermine the strength of cryptographic protections used by the device. The advisory lists multiple affected product lines and corresponding fixed firmware releases, with Milesight directing users to install the latest firmware available from its support download portal.
Defensive priority
High priority for affected fleets. Identify exact models and firmware versions, apply the vendor-fixed firmware as soon as practical, and verify that deployed devices match the advisory’s affected scope.
Recommended defensive actions
- Inventory Milesight camera models and firmware versions against the advisory’s affected product list.
- Apply the vendor firmware updates listed in the CSAF remediation entries for each affected model.
- Use Milesight’s official firmware download channel referenced in the advisory to obtain fixes.
- Confirm remediation by rechecking firmware versions after upgrade.
- Prioritize internet-reachable or operationally important camera deployments for faster remediation.
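The inventory, compare, and recheck steps above can be scripted against the advisory's CSAF JSON. The following is an added example, not code from CISA, Milesight, or this debrief. The advisory fragment, product IDs, version strings, and inventory rows are constructed placeholders, and the treatment of "xx" in the model name as a two-character wildcard is an assumption.

```python
import fnmatch

# Constructed CSAF 2.0 fragment. Version strings and product IDs are placeholders,
# NOT the advisory's values; load the real ICSA-26-113-03 JSON in its place.
ADVISORY = {
    "product_tree": {"branches": [{"category": "vendor", "name": "Milesight", "branches": [
        {"category": "product_name", "name": "MS-Cxx63-PD", "branches": [
            {"category": "product_version", "name": "0.0.0.1", "product": {"product_id": "P-1", "name": "old"}},
            {"category": "product_version", "name": "0.0.0.2", "product": {"product_id": "P-2", "name": "new"}}]}]}]},
    "vulnerabilities": [{"cve": "CVE-2026-28747", "product_status": {
        "known_affected": ["P-1"], "fixed": ["P-2"]}}],
}
# Constructed inventory rows: (device name, model, firmware version).
INVENTORY = [("lobby", "MS-C1163-PD", "0.0.0.1"), ("dock", "MS-C1163-PD", "0.0.0.2"),
             ("gate", "MS-C1163-PD", "0.0.0.1-r1"), ("roof", "OTHER-CAM", "0.0.0.1")]

def index_products(branches, model=None, out=None):
    """Walk product_tree branches; map product_id -> (model, version)."""
    out = {} if out is None else out
    for b in branches:
        name = b["name"] if b["category"] == "product_name" else model
        if "product" in b:
            out[b["product"]["product_id"]] = (name, b["name"])
        index_products(b.get("branches", []), name, out)
    return out

def fixed_versions(advisory, cve):
    """Return {model: fixed version} for models the CVE lists as affected."""
    products = index_products(advisory["product_tree"]["branches"])
    fixed = {}
    for vuln in (v for v in advisory["vulnerabilities"] if v.get("cve") == cve):
        status = vuln["product_status"]
        affected = {products[p][0] for p in status.get("known_affected", [])}
        for model, version in (products[p] for p in status.get("fixed", [])):
            if model in affected:
                fixed[model] = version
    return fixed

def triage(inventory, fixed):
    """Label devices. Assumption: "xx" in a model name means any two characters."""
    result = {}
    num = lambda v: tuple(map(int, v.split(".")))
    for device, model, firmware in inventory:
        hit = [v for m, v in fixed.items() if fnmatch.fnmatchcase(model, m.replace("xx", "??"))]
        try:
            result[device] = ("out of scope" if not hit else
                              "update" if num(firmware) < num(hit[0]) else "ok")
        except ValueError:  # suffixes or letters: do not guess an ordering
            result[device] = "verify manually"
    return result
```

Real advisories may express affected firmware as version ranges rather than single versions; any device that lands in "verify manually" should be checked by hand against the advisory text. Running the same triage after the upgrade covers the recheck step.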
Evidence notes
This debrief is based on the supplied CISA CSAF advisory ICSA-26-113-03 for CVE-2026-28747, published and modified on 2026-04-23. The source states a weak key generation vulnerability in specific Milesight AIOT camera firmware and provides vendor remediation guidance. Supplied enrichment marks the issue as non-KEV and does not note ransomware campaign use. The vendor field in the prompt is low-confidence/raw and should be validated against the advisory and local asset inventory.
Official resources
- CVE-2026-28747 CVE record (CVE.org)
- CVE-2026-28747 NVD detail (NVD)
- Source item URL (cisa_csaf)
- Source reference (Reference)
Publicly disclosed by CISA in advisory ICSA-26-113-03 on 2026-04-23, matching the supplied CVE publication and modification timestamps. The supplied enrichment does not place it in CISA KEV.