CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

738 matches found

Vulnrichment•added 2023/07/06 2:53 p.m.•16 views

CVE-2023-24520

Two OS command injection vulnerability exist in the vtyshubus toolshexcute.constprop.1 functionality of Milesight UR32L v32.3.0.5. A specially-crafted network request can lead to command execution. An attacker can send a network request to trigger these vulnerabilities.This command injection is i...

8.8CVSS8.9AI score0.0345EPSS

Exploits1References1

Vulnrichment•added 2023/07/06 2:53 p.m.•13 views

CVE-2023-24519

8.8CVSS8.9AI score0.0345EPSS

Exploits1References1

Cvelist•added 2023/07/06 2:53 p.m.•40 views

CVE-2023-24519

8.8CVSS9.1AI score0.0345EPSS

Exploits1References1

Cvelist•added 2023/07/06 2:53 p.m.•37 views

CVE-2023-24520

8.8CVSS9.1AI score0.0345EPSS

Exploits1References1

CVE•added 2023/07/06 2:53 p.m.•39 views

CVE-2023-24520

Milesight UR32L (v32.3.0.5) contains multiple OS command injection vulnerabilities described by Talos (CVE-2023-24519, CVE-2023-24520) in the vtysh_ubus toolsh_excute.constprop.1 path (e.g., traceroute/ping) and related HTTP/server-side components. Exploitation can occur via specially crafted net...

8.8CVSS9.2AI score0.0345EPSS

Exploits1References2Affected Software1

Vulnrichment•added 2023/07/06 2:53 p.m.•17 views

CVE-2023-22299

An OS command injection vulnerability exists in the vtyshubus getfwlogs functionality of Milesight UR32L v32.3.0.5. A specially crafted network request can lead to command execution. An attacker can send a network request to trigger this vulnerability...

8.8CVSS7.3AI score0.03482EPSS

Exploits1References1

Cvelist•added 2023/07/06 2:53 p.m.•19 views

CVE-2023-22299

8.8CVSS9.1AI score0.03482EPSS

Exploits1References1

Cvelist•added 2023/07/06 2:53 p.m.•24 views

CVE-2023-24582

Two OS command injection vulnerabilities exist in the urvpnclient cmdnameaction functionality of Milesight UR32L v32.3.0.5. A specially crafted network request can lead to arbitrary command execution. An attacker can send a network request to trigger these vulnerabilities.This OS command injectio...

8.8CVSS9.3AI score0.02926EPSS

Exploits1References1

Vulnrichment•added 2023/07/06 2:53 p.m.•22 views

CVE-2023-24583

8.8CVSS9.1AI score0.02926EPSS

Exploits1References1

Cvelist•added 2023/07/06 2:53 p.m.•18 views

CVE-2023-22365

An OS command injection vulnerability exists in the ysthirdparty checksystemuser functionality of Milesight UR32L v32.3.0.5. A specially crafted set of network packets can lead to command execution. An attacker can send a network request to trigger this vulnerability...

7.2CVSS7.3AI score0.02092EPSS

Exploits0References1

Cvelist•added 2023/07/06 2:53 p.m.•33 views

CVE-2023-24583

8.8CVSS9.3AI score0.02926EPSS

Exploits1References1

Cvelist•added 2023/07/06 2:53 p.m.•41 views

CVE-2023-25583

Two OS command injection vulnerabilities exist in the zebra vlanname functionality of Milesight UR32L v32.3.0.5. A specially crafted network request can lead to command execution. An attacker can send a network request to trigger these vulnerabilities.This command injection is in the code branch...

7.2CVSS7.7AI score0.03396EPSS

Exploits1References1

Vulnrichment•added 2023/07/06 2:53 p.m.•12 views

CVE-2023-25582

7.2CVSS7.6AI score0.03396EPSS

Exploits1References1

Vulnrichment•added 2023/07/06 2:53 p.m.•16 views

CVE-2023-25583

7.2CVSS7.9AI score0.03396EPSS

Exploits1References1

Cvelist•added 2023/07/06 2:53 p.m.•21 views

CVE-2023-25582

7.2CVSS7.6AI score0.03396EPSS

Exploits1References1

Positive Technologies•added 2023/07/06 12:0 a.m.•6 views

PT-2023-19666 · Milesight · Milesight Ur32L

Name of the Vulnerable Software and Affected Versions: Milesight UR32L version 32.3.0.5 Description: A command injection issue exists in the vtysh ubus tool's toolsh excute.constprop.1 functionality, specifically within the ping tool utility. This allows an attacker to execute commands by sending...

8.8CVSS9.3AI score0.0345EPSS

Exploits1References3

CNNVD•added 2023/07/06 12:0 a.m.•4 views

Milesight UR32L 安全漏洞

The Milesight UR32L is a 4G industrial router from China's Milesight. An access control error vulnerability exists in the Milesight UR32L eventcore feature, which can be exploited by an attacker to cause a denial of service via a specially crafted network request...

7.5CVSS6.6AI score0.00934EPSS

Exploits1References3

Positive Technologies•added 2023/07/06 12:0 a.m.•4 views

PT-2023-18408 · Milesight · Milesight Ur32L

Name of the Vulnerable Software and Affected Versions: Milesight UR32L version 32.3.0.5 Description: A command injection issue exists in the vtysh ubus get fw logs functionality. This can be triggered by a specially crafted network request, potentially leading to command execution. Recommendation...

8.8CVSS9.2AI score0.03482EPSS

Exploits1References2

Positive Technologies•added 2023/07/06 12:0 a.m.•4 views

PT-2023-19690 · Milesight · Milesight Ur32L

Name of the Vulnerable Software and Affected Versions: Milesight UR32L version 32.3.0.5 Description: The issue is related to OS command injection vulnerabilities in the urvpn client cmd name action functionality. A specially crafted network request can lead to arbitrary command execution. An...

8.8CVSS9.4AI score0.02926EPSS

Exploits1References2

Talos•added 2023/07/06 12:0 a.m.•38 views

Milesight UR32L vtysh_ubus _get_fw_logs OS command injection vulnerability

Talos Vulnerability Report TALOS-2023-1712 Milesight UR32L vtyshubus getfwlogs OS command injection vulnerability July 6, 2023 CVE Number CVE-2023-22299 SUMMARY An OS command injection vulnerability exists in the vtyshubus getfwlogs functionality of Milesight UR32L v32.3.0.5. A specially crafted...

8.8CVSS8.9AI score0.03482EPSS

Exploits1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by