Milesight Security Notice – HTTP API Vulnerability in NVR Products

Date: 2025-04-29

At Milesight, we take product security seriously. As part of our ongoing commitment to safeguarding users and systems, we continuously monitor for potential vulnerabilities and act swiftly to mitigate risks.

A recent internal security review has identified a vulnerability in the HTTP API interface of Milesight NVR devices. This issue may arise if the HTTP port is exposed to the public network (for instance, via port forwarding). Under such configurations, an attacker could potentially exploit the device to launch attacks on other networked systems.

Risk Overview

Remediation

An updated firmware version has been developed to eliminate this vulnerability. We advise all users to upgrade their devices promptly.

Next Steps for Users

Reporting Security Issues

We encourage all users and partners to report potential security vulnerabilities to help us maintain the integrity of Milesight products.

Please submit reports using the following format:

If you are interested in Milesight, please leave us a message.

Verify Code

Contact Us

Contact Us

Verify Code

Contact Us to Get More Information