2 matches found
CVE-2023-25110
Multiple buffer overflow vulnerabilities exist in the vtyshubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these...
CVE-2023-25110
Milesight UR32L (v32.3.0.5) is affected by multiple buffer-overflow vulnerabilities in the vtysh_ubus binary caused by unsafe use of sprintf; a specially crafted HTTP request can trigger a remote code-execution path in set_gre and related code paths that format commands via vtysh_command_buffer. ...