Vulnerabilities > Milesight > IP Security Camera Firmware > Critical

DATE CVE VULNERABILITY TITLE RISK
2019-10-25 CVE-2016-2356 Classic Buffer Overflow vulnerability in Milesight IP Security Camera Firmware 20161114
Milesight IP security cameras through 2016-11-14 have a buffer overflow in a web application via a long username or password.
network
low complexity
milesight CWE-120
critical
 9.8
9.8
2019-10-25 CVE-2016-2357 Use of Hard-coded Credentials vulnerability in Milesight IP Security Camera Firmware 20161114
Milesight IP security cameras through 2016-11-14 have a hardcoded SSL private key under the /etc/config directory.
network
low complexity
milesight CWE-798
critical
 9.8
9.8
2019-10-25 CVE-2016-2358 Use of Hard-coded Credentials vulnerability in Milesight IP Security Camera Firmware 20161114
Milesight IP security cameras through 2016-11-14 have a default set of 10 privileged accounts with hardcoded credentials.
network
low complexity
milesight CWE-798
critical
 9.8
9.8
2019-10-25 CVE-2016-2359 Improper Authentication vulnerability in Milesight IP Security Camera Firmware 20161114
Milesight IP security cameras through 2016-11-14 allow remote attackers to bypass authentication and access a protected resource by simultaneously making a request for the unprotected vb.htm resource.
network
low complexity
milesight CWE-287
critical
 9.8
9.8
2019-10-25 CVE-2016-2360 Use of Hard-coded Credentials vulnerability in Milesight IP Security Camera Firmware 20161114
Milesight IP security cameras through 2016-11-14 have a default root password in /etc/shadow that is the same across different customers' installations.
network
low complexity
milesight CWE-798
critical
 9.8
9.8