The Milesight UR32L is a 4G industrial router from China’s Milesight. The Milesight UR32L vtysh_ubus toolsh_excute.constprop.1 feature suffers from a command injection vulnerability that can be exploited by an attacker to execute arbitrary commands on the system.