Lucene search
K

4 matches found

Cvelist
Cvelist
added 2023/07/06 2:53 p.m.21 views

CVE-2023-22299

An OS command injection vulnerability exists in the vtyshubus getfwlogs functionality of Milesight UR32L v32.3.0.5. A specially crafted network request can lead to command execution. An attacker can send a network request to trigger this vulnerability...

8.8CVSS9.1AI score0.03634EPSS
Exploits1References1
CVE
CVE
added 2023/07/06 2:53 p.m.45 views

CVE-2023-22299

Milesight UR32L in v32.3.0.5 is affected by CVE-2023-22299, an OS command injection in the vtysh_ubus fw_logs_get handler exposed via the /cgi API. The vulnerability allows an attacker-supplied command (provided through the blobmsg tb[1] value) to be assembled into an iptables command and execute...

8.8CVSS9.1AI score0.03634EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2023/07/06 2:53 p.m.18 views

CVE-2023-22299

An OS command injection vulnerability exists in the vtyshubus getfwlogs functionality of Milesight UR32L v32.3.0.5. A specially crafted network request can lead to command execution. An attacker can send a network request to trigger this vulnerability...

8.8CVSS7.3AI score0.03634EPSS
Exploits1References1
Talos
Talos
added 2023/07/06 12:0 a.m.40 views

Milesight UR32L vtysh_ubus _get_fw_logs OS command injection vulnerability

Talos Vulnerability Report TALOS-2023-1712 Milesight UR32L vtyshubus getfwlogs OS command injection vulnerability July 6, 2023 CVE Number CVE-2023-22299 SUMMARY An OS command injection vulnerability exists in the vtyshubus getfwlogs functionality of Milesight UR32L v32.3.0.5. A specially crafted...

8.8CVSS8.9AI score0.03634EPSS
Exploits1
Rows per page
Query Builder