PatchSiren cyber security CVE debrief

CVE-2026-28747 Raw CVE debrief

CVE-2026-28747 affects specific Milesight AIOT camera firmware and involves weak key generation. CISA’s advisory points administrators to vendor firmware updates for the impacted models. Based on the supplied enrichment, it is not listed in CISA KEV, so this is best treated as a high-priority patching and asset-validation issue rather than a confirmed active-exploitation case.

Vendor: Raw
Product: Milesight MS-Cxx63-PD <=51.7.0.77-r12 MS-Cxx64-xPD MS-Cxx73-xPD MS-Cxx75-xxPD MS-Cxx83-xPD MS-Cxx74-PA <=3x.8.0.3-r11 MS-C8477-HPG1 <=63.8.0.4-r3 MS-C8477-PC <=48.8.0.4-r3 MS-C5321-FPE <=62.8.0.4-r5 MS-Cxx72-xxxPE <=61.8.0.5-r2 MS-Cxx62-xxxPE MS-Cxx52-xxxPE MS-Cxx66-xxxPE MS-Cxx66-xxxGPE MS-Cxx61-xxxPE MS-Cxx67-xxxPE MS-Cxx71-xxxPE MS-Cxx41-xxxPE MS-Cxx76-PE MS-Cxx65-PE MS-Cxx66-xxxG1 <=63.8.0.5-r3 MS-Cxx62-xxxG1 MS-Cxx72-xxxG1 MS-CQxx31-xxxG1 <=CQ_63.8.0.5-r1 MS-CQxx68-xxxG1 MS-CQxx72-xxxG1 MS-Nxxxx-NxE <=7x.9.0.19-r5 MS-Nxxxx-xxC MS-Nxxxx-xxE MS-Nxxxx-xxG MS-Nxxxx-xxH MS-Nxxxx-xxT PMC8266-FPE <=PO_61.8.0.4_LPR PMC8266-FGPE PM3322-E <=PI_61.8.0.3_LPR-r3 TS4466-X4RIPG1 <=T_63.8.0.4_LPR-r3 TS5366-X12RIPG1 TS8266-X4RIPG1 TS4466-X4RIVPG1 TS4466-RFIVPG1 TS8266-X4RIVPG1 TS8266-RFIVPG1 TS4466-X4RIWG1 TS8266-X4RIWG1 TS5510-GVH <=T_47.8.0.4_LPR-r7 TS5510-GH <=T_47.8.0.4_LPR-r6 TS5511-GVH TS2966-X12TPE <=T_61.8.0.4_LPR-r3 TS4466-X4RPE TS5366-X12PE TS8266-X4PE TS2966-X12TVPE TS4466-X4RVPE TS5366-X12VPE TS8266-X4VPE TS4441-X36RPE TS4441-X36RE TS4466-X4RWE TS8266-X4WE MS-C2964-RFLPC <=T_45.8.0.3-r9 MS-C2972-RFLPC MS-C2966-RFLWPC TS2866-X4TPC
CVSS: HIGH 7.1
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-04-23
Original CVE updated: 2026-04-23
Advisory published: 2026-04-23
Advisory updated: 2026-04-23

Who should care

Security teams, OT/physical security operators, system integrators, and asset owners responsible for Milesight camera deployments should review this advisory, especially if they manage the listed firmware branches or devices in sensitive environments.

Technical summary

The CISA CSAF advisory describes a weak key generation vulnerability in specific Milesight AIOT camera firmware. Weak key generation can undermine the strength of cryptographic protections used by the device. The advisory lists multiple affected product lines and corresponding fixed firmware releases, with Milesight directing users to install the latest firmware available from its support download portal.

Defensive priority

High priority for affected fleets. Identify exact models and firmware versions, apply the vendor-fixed firmware as soon as practical, and verify that deployed devices match the advisory’s affected scope.

Recommended defensive actions

  • Inventory Milesight camera models and firmware versions against the advisory’s affected product list.
  • Apply the vendor firmware updates listed in the CSAF remediation entries for each affected model.
  • Use Milesight’s official firmware download channel referenced in the advisory to obtain fixes.
  • Confirm remediation by rechecking firmware versions after upgrade.
  • Prioritize internet-reachable or operationally important camera deployments for faster remediation.
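
The inventory and re-check steps above can be scripted. The following is an added example, not code from CISA, Milesight or this debrief. It assumes that each lowercase "x" in a model name is a placeholder for at most one alphanumeric character and that the leading version number identifies a firmware branch. It covers only the five list entries that carry a plain numeric "<=" bound directly after the model name, and the inventory rows are constructed.

```python
import re

# Subset of this page's affected list: models directly followed by a plain
# numeric "<=" bound. Other entries are left out; extend from the advisory.
AFFECTED = {
    "MS-Cxx63-PD": "51.7.0.77-r12",
    "MS-C8477-HPG1": "63.8.0.4-r3",
    "MS-C8477-PC": "48.8.0.4-r3",
    "MS-C5321-FPE": "62.8.0.4-r5",
    "MS-Cxx72-xxxPE": "61.8.0.5-r2",
}
VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)\.(\d+)(?:-r(\d+))?$")

def parse_version(text):
    """'51.7.0.77-r12' -> (51, 7, 0, 77, 12); None if the format is unknown."""
    m = VERSION_RE.match(text.strip())
    return tuple(int(g or 0) for g in m.groups()) if m else None

def model_regex(pattern):
    # Assumption: each lowercase 'x' stands for at most one alphanumeric character.
    body = "".join("[A-Za-z0-9]?" if c == "x" else re.escape(c) for c in pattern)
    return re.compile("^" + body + "$")

def classify(model, firmware):
    for pattern, bound in AFFECTED.items():
        if not model_regex(pattern).match(model):
            continue
        have, limit = parse_version(firmware), parse_version(bound)
        # Assumption: the leading number is a firmware branch; never compare across branches.
        if have is None or have[0] != limit[0]:
            return "review"
        return "affected" if have <= limit else "above-bound"
    return "not-in-subset"

# Constructed inventory rows (model, reported firmware), not real devices.
INVENTORY = [
    ("MS-C2963-PD", "51.7.0.77-r10"),
    ("MS-C2963-PD", "51.7.0.78-r1"),
    ("MS-C8477-PC", "48.8.0.4-r3"),
    ("MS-C5321-FPE", "61.8.0.4-r5"),
    ("MS-C2972-RFPE", "61.8.0.5-r2"),
    ("MS-C9999-ZZ", "unknown"),
]

def audit(rows):
    return [(m, fw, classify(m, fw)) for m, fw in rows]

if __name__ == "__main__":
    for row in audit(INVENTORY):
        print(*row, sep="\t")
```

A "review" or "not-in-subset" result means the script cannot decide and the device should be checked against the full advisory by hand. Running the same audit after the upgrade covers the re-check step.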

Evidence notes

This debrief is based on the supplied CISA CSAF advisory ICSA-26-113-03 for CVE-2026-28747, published and modified on 2026-04-23. The source states a weak key generation vulnerability in specific Milesight AIOT camera firmware and provides vendor remediation guidance. Supplied enrichment marks the issue as non-KEV and does not note ransomware campaign use. The vendor field in this debrief ("Raw") is low-confidence and should be validated against the advisory and local asset inventory.

Official resources

Publicly disclosed by CISA in advisory ICSA-26-113-03 on 2026-04-23, matching the supplied CVE publication and modification timestamps. The supplied enrichment does not place it in CISA KEV.