4 matches found
CVE-2023-23550
An OS command injection vulnerability exists in the ysthirdparty userdelete functionality of Milesight UR32L v32.3.0.5. A specially crafted network packet can lead to command execution. An attacker can send a sequence of requests to trigger this vulnerability...
CVE-2023-23550
Milesight UR32L (v32.3.0.5) hosts multiple OS command injection and related vulnerabilities disclosed by Talos in 2023, notably TALOS-2023-1694 (CVE-2023-23550) in ys_thirdparty user_delete and TALOS-2023-1697 (CVE-2023-23902) in UR32L HTTP server decrypt_string, plus additional UR32L/Talos-CVEs ...
CVE-2023-23550
An OS command injection vulnerability exists in the ysthirdparty userdelete functionality of Milesight UR32L v32.3.0.5. A specially crafted network packet can lead to command execution. An attacker can send a sequence of requests to trigger this vulnerability...
Milesight UR32L ys_thirdparty user_delete OS command injection vulnerability
Talos Vulnerability Report TALOS-2023-1694 Milesight UR32L ysthirdparty userdelete OS command injection vulnerability July 6, 2023 CVE Number CVE-2023-23550 SUMMARY An OS command injection vulnerability exists in the ysthirdparty userdelete functionality of Milesight UR32L v32.3.0.5. A specially...