CVE 2016-2359
Milesight IP security cameras through 2016-11-14 allow remote attackers to bypass authentication and access a protected resource by simultaneously making a request for the unprotected vb.htm resource.
See the 
CVE page on Mitre.org
for more details.
