2 matches found
CVE-2023-25097
Multiple buffer overflow vulnerabilities exist in the vtyshubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these...
CVE-2023-25097
Milesight UR32L (v32.3.0.5) exposes a buffer-overflow vulnerability in the vtysh_ubus binary (set_qos path, attach_class/class_name) due to unsafe sprintf usage. The issue can be triggered by high-privileged, network-accessing attackers via crafted HTTP requests, potentially enabling arbitrary co...