2 matches found
CVE-2023-24519
Two OS command injection vulnerability exist in the vtyshubus toolshexcute.constprop.1 functionality of Milesight UR32L v32.3.0.5. A specially-crafted network request can lead to command execution. An attacker can send a network request to trigger these vulnerabilities.This command injection is i...
CVE-2023-24519
Milesight UR32L (v32.3.0.5) contains OS command injection vulnerabilities in the vtysh_ubus toolsh_excute.constprop.1 function, affecting the router’s HTTP/UBUS interfaces. Talos identifies two CVEs (CVE-2023-24519, CVE-2023-24520) linked to pre-authentication, stack-based command execution via p...