3 matches found
CVE-2023-22365
CVE-2023-22365 covers a set of OS command injection vulnerabilities in Milesight UR32L (v32.3.0.5) affecting the ys_thirdparty check_system_user function and related UR32L/Talos-disclosed JO vulnerabilities. Talos documents a pre-authentication remote stack-based buffer overflow (TALOS-2023-1697,...
CVE-2023-22365
An OS command injection vulnerability exists in the ysthirdparty checksystemuser functionality of Milesight UR32L v32.3.0.5. A specially crafted set of network packets can lead to command execution. An attacker can send a network request to trigger this vulnerability...
Milesight UR32L ys_thirdparty check_system_user OS command injection vulnerability
Talos Vulnerability Report TALOS-2023-1711 Milesight UR32L ysthirdparty checksystemuser OS command injection vulnerability July 6, 2023 CVE Number CVE-2023-22365 SUMMARY An OS command injection vulnerability exists in the ysthirdparty checksystemuser functionality of Milesight UR32L v32.3.0.5. A...