CVE-2023-23546

🗓️ 06 Jul 2023 15:11:15Reported by talosType

A misconfiguration vulnerability in urvpn_client of Milesight UR32L v32.3.0.5 allows for a man-in-the-middle attack, leading to increased privileges

Reporter	Title	Published	Views	Family All 8
Talos	Milesight UR32L urvpn_client Certificate Validation vulnerability	6 Jul 202300:00	–	talos
CNVD	Milesight UR32L urvpn_client function misconfiguration vulnerability	10 Jul 202300:00	–	cnvd
Vulnrichment	CVE-2023-23546	6 Jul 202314:53	–	vulnrichment
Cvelist	CVE-2023-23546	6 Jul 202314:53	–	cvelist
NVD	CVE-2023-23546	6 Jul 202315:15	–	nvd
Prion	Privilege escalation	6 Jul 202315:15	–	prion
Talos Blog	Taking over Milesight UR32L routers behind a VPN: 22 vulnerabilities and a full chain	6 Jul 202315:38	–	talosblog
Talos Blog	The many vulnerabilities Talos discovered in SOHO and industrial wireless routers post-VPNFilter	2 Aug 202312:00	–	talosblog

Nvd

Vulners

Node

milesight ur32l_firmwareMatch32.3.0.5

AND

milesight ur32lMatch-

[
  {
    "vendor": "Milesight",
    "product": "UR32L",
    "versions": [
      {
        "version": "v32.3.0.5",
        "status": "affected"
      }
    ]
  }
]

Source	Link
talosintelligence	www.talosintelligence.com/vulnerability_reports/TALOS-2023-1705
talosintelligence	www.talosintelligence.com/vulnerability_reports/TALOS-2023-1705

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

06 Jul 2023 15:15Current

8.2High risk

Vulners AI Score8.2

CVSS34.2 - 8.1

EPSS0.002

SSVC

CWE-295