Cyber Posture

CVE-2026-27785

High

Published: 28 April 2026
Modified: 28 April 2026
CVSS Score: 8.8 (CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0002 (5.1th percentile)
Risk Priority: 18 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2026-27785 is a high-severity Use of Hard-coded Credentials (CWE-798) vulnerability in Cisa (inferred from references). Its CVSS base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Default Accounts (T1078.001). The CVE ranks at the 5.1th percentile by EPSS exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 IA-5 (Authenticator Management) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Default Accounts (T1078.001). What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)

- (prevent) Directly remediates the hard-coded credentials vulnerability through timely application of vendor-provided firmware updates.
- (prevent) Requires management of authenticators, including changing default credentials, preventing exploitation of hard-coded ones.
- (prevent) Enables identification, modification, or disabling of accounts associated with hard-coded credentials to limit unauthorized access.

MITRE ATT&CK Enterprise Techniques

- T1078.001 Default Accounts: adversaries may obtain and abuse credentials of a default account as a means of gaining Initial Access, Persistence, Privilege Escalation, or Defense Evasion.

Why these techniques?

Hard-coded credentials (CWE-798) in the device firmware directly enable use of default/valid accounts for unauthenticated adjacent-network access and full device control.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

Specific firmware versions of Milesight AIOT camera firmware contain hard-coded credentials.

Deeper analysis

CVE-2026-27785 affects specific versions of Milesight AIOT camera firmware that contain hard-coded credentials, corresponding to CWE-798: Use of Hard-coded Credentials. Published on 2026-04-28, it carries a CVSS v3.1 base score of 8.8 (AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating high severity because of the potential for significant unauthorized access.

An attacker with adjacent network access, such as on the same local network segment or via physical proximity, can exploit this vulnerability with low attack complexity, requiring no privileges or user interaction. Successful exploitation grants high-impact access to confidentiality, integrity, and availability of the affected camera device, potentially allowing full control through the hard-coded credentials.

CISA's ICS Advisory ICSA-26-113-03, detailed at https://www.cisa.gov/news-events/ics-advisories/icsa-26-113-03 and in the CSAF JSON at https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-113-03.json, provides further guidance. Milesight offers firmware updates for mitigation at https://www.milesight.com/support/download/firmware.

Details

CWE(s): CWE-798 (Use of Hard-coded Credentials)

Affected Products: Cisa (inferred from references and description; NVD did not file a CPE for this CVE)

CVEs Like This One (shared CWE-798)

- CVE-2026-24346
- CVE-2024-51547
- CVE-2025-30122
- CVE-2026-23781
- CVE-2026-26218
- CVE-2026-25803
- CVE-2026-29119
- CVE-2025-33089
- CVE-2026-22900
- CVE-2025-2343