CVE-2026-32644 Overview
Specific firmware versions of Milesight AIOT cameras use SSL certificates with default private keys. This cryptographic vulnerability (CWE-321: Use of Hard-coded Cryptographic Key) allows attackers to potentially intercept, decrypt, and manipulate encrypted communications between the cameras and legitimate users or management systems. Since the private keys are shared across devices with the same firmware, any attacker who extracts the key from one device can compromise communications for all affected devices.
Critical Impact
Network-accessible attackers can decrypt SSL/TLS traffic, perform man-in-the-middle attacks, and potentially gain unauthorized access to camera feeds and administrative interfaces across all affected Milesight AIOT cameras.
Affected Products
- Milesight AIOT cameras (specific firmware versions)
- Milesight IoT surveillance devices with vulnerable SSL certificate configurations
- Industrial IoT camera deployments using default security configurations
Discovery Timeline
- 2026-04-28 - CVE-2026-32644 published to NVD
- 2026-04-28 - Last updated in NVD database
Technical Details for CVE-2026-32644
Vulnerability Analysis
This vulnerability stems from the use of hard-coded cryptographic keys in Milesight AIOT camera firmware. When manufacturers embed default SSL/TLS private keys into device firmware, every device shipped with that firmware version shares the same cryptographic identity. This fundamentally breaks the security model of public key cryptography, which relies on private keys remaining secret and unique to each entity.
The vulnerability is classified under CWE-321 (Use of Hard-coded Cryptographic Key), a well-documented weakness in embedded systems and IoT devices. The network attack vector means that any attacker with network access to affected cameras can potentially exploit this vulnerability without requiring any prior authentication or user interaction.
Root Cause
The root cause is the inclusion of static, default SSL certificate private keys within the camera firmware rather than generating unique cryptographic key pairs during device initialization or first-boot setup. This is a common practice in IoT manufacturing to simplify deployment but creates significant security risks when these keys can be extracted from publicly available firmware images or physical device access.
Attack Vector
An attacker can exploit this vulnerability through several attack paths:
- Firmware Analysis: Download publicly available firmware updates from the Milesight support portal and extract the embedded private keys using standard reverse engineering tools.
- Man-in-the-Middle Attack: Position themselves on the network path between legitimate users and the camera, then use the extracted private key to decrypt HTTPS traffic in real-time.
- Traffic Interception: Passively capture encrypted traffic and decrypt it offline using the known private key, potentially exposing login credentials, video streams, and administrative commands.
- Impersonation: Use the default certificate to set up a rogue device or proxy that appears legitimate to users and management systems.
The attack requires network access to affected devices, which in IoT/ICS environments may include critical infrastructure networks. Refer to the CISA ICS Advisory ICSA-26-113-03 for detailed technical guidance.
Detection Methods for CVE-2026-32644
Indicators of Compromise
- SSL/TLS certificates on Milesight AIOT cameras matching known default certificate fingerprints
- Multiple cameras presenting identical SSL certificate serial numbers or public key hashes
- Network traffic patterns indicating man-in-the-middle activity targeting camera communications
- Unauthorized access to camera administrative interfaces or video streams
Detection Strategies
- Inventory all Milesight AIOT cameras and audit their SSL certificate configurations for uniqueness
- Compare certificate fingerprints across devices to identify those using shared default certificates
- Deploy network monitoring to detect TLS interception attempts or certificate anomalies
- Implement certificate transparency monitoring for certificates associated with camera infrastructure
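The fingerprint comparison above can be run on the public key instead of the whole certificate, so cameras that share a key pair are flagged even when their certificates differ in serial number or validity. The Python below is an added example, not Milesight or advisory code; the host names, the `fake_cert` helper and the key bytes are constructed placeholders standing in for certificates collected from your own inventory.

```python
import hashlib
from collections import defaultdict

def read_tlv(buf, pos):
    """Read one DER element at pos; return (tag, content_start, content_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long form: low 7 bits = count of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, pos, pos + length

def spki_sha256(cert_der):
    """SHA-256 over the SubjectPublicKeyInfo; equal digests mean the same key pair."""
    _, pos, _ = read_tlv(cert_der, 0)       # step into Certificate SEQUENCE
    _, pos, _ = read_tlv(cert_der, pos)     # step into tbsCertificate SEQUENCE
    tag, _, after = read_tlv(cert_der, pos)
    if tag == 0xA0:                         # optional [0] version field
        pos = after
    for _field in range(5):                 # serial, signature alg, issuer, validity, subject
        _, _, pos = read_tlv(cert_der, pos)
    _, _, end = read_tlv(cert_der, pos)     # pos now sits on SubjectPublicKeyInfo
    return hashlib.sha256(cert_der[pos:end]).hexdigest()

def shared_keys(inventory):
    """inventory: {host: certificate DER}. Return {spki_digest: [hosts]} for reused keys."""
    groups = defaultdict(list)
    for host, der in inventory.items():
        groups[spki_sha256(der)].append(host)
    return {d: sorted(h) for d, h in groups.items() if len(h) > 1}

# --- constructed sample data: certificate skeletons, not valid certificates ---
def enc(tag, body):
    n = len(body)
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    size = bytes([n]) if n < 0x80 else bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + size + body

def fake_cert(serial, key):
    seq = lambda *parts: enc(0x30, b"".join(parts))
    spki = seq(seq(), enc(0x03, b"\x00" + key))
    tbs = seq(enc(0xA0, enc(0x02, b"\x02")), enc(0x02, bytes([serial])),
              seq(), seq(), seq(), seq(), spki)
    return seq(tbs, seq(), enc(0x03, b"\x00"))

KEY_A, KEY_B = b"\xAA" * 140, b"\xBB" * 140   # placeholder public-key bytes
INVENTORY = {"cam-01": fake_cert(1, KEY_A),   # cam-01 and cam-02: different serial,
             "cam-02": fake_cert(2, KEY_A),   # same key
             "cam-03": fake_cert(3, KEY_B)}

if __name__ == "__main__":
    for digest, hosts in shared_keys(INVENTORY).items():
        print(f"shared key {digest[:16]}... on {hosts}")
```

For live devices, the DER bytes for `inventory` can be read with `SSLSocket.getpeercert(binary_form=True)` from Python's `ssl` module.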
Monitoring Recommendations
- Enable logging on network devices to capture SSL/TLS handshake metadata from camera communications
- Monitor for unexpected certificate changes or certificate warnings from camera management systems
- Set up alerts for network traffic between cameras and unexpected external IP addresses
- Review authentication logs for suspicious access patterns to camera administrative interfaces
How to Mitigate CVE-2026-32644
Immediate Actions Required
- Identify all Milesight AIOT cameras in your environment and determine their firmware versions
- Isolate vulnerable cameras from untrusted network segments until patched
- Regenerate or replace SSL certificates on affected devices with unique, properly generated certificates
- Review access logs for any signs of unauthorized access or traffic interception
Patch Information
Milesight has released updated firmware to address this vulnerability. Administrators should download the latest firmware from the Milesight Firmware Download portal and apply updates to all affected devices. Additional technical details are available in the GitHub CSAF JSON Document.
Workarounds
- Segment camera networks using VLANs and firewall rules to limit exposure
- Implement VPN tunnels for all remote camera access to add an additional encryption layer
- Manually generate and install unique SSL certificates on each camera if firmware update is not immediately available
- Restrict network access to camera management interfaces to trusted IP ranges only
- Consider deploying a reverse proxy with proper SSL termination in front of camera web interfaces
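# Example: Generate a unique self-signed certificate and key pair for one camera
# -nodes writes camera_key.pem unencrypted: generate it on a trusted host and
# delete the local copy once it has been installed on the camera
openssl req -x509 -newkey rsa:2048 -keyout camera_key.pem -out camera_cert.pem -days 365 -nodes -subj "/CN=milesight-camera-01"
# Repeat with a distinct CN and output file names for every camera; never reuse a key
# Upload the generated certificate to the camera via administrative interface
# Consult Milesight documentation for certificate installation procedures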


