2 matches found
CVE-2023-25124
Multiple buffer overflow vulnerabilities exist in the vtyshubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these...
CVE-2023-25124
CVE-2023-25124 (Milesight UR32L v32.3.0.5) is a set of buffer overflow vulnerabilities in the vtysh_ubus binary and related OpenVPN client handling. Talos documents a pre-authentication remote risk path via crafted requests that can trigger stack-based buffer overflows in functions such as set_op...