16601 matches found

CVE
added 2023/07/06 2:53 p.m. · 49 views

CVE-2023-25097

Milesight UR32L (v32.3.0.5) exposes a buffer-overflow vulnerability in the vtysh_ubus binary (set_qos path, attach_class/class_name) due to unsafe sprintf usage. The issue can be triggered by high-privileged, network-accessing attackers via crafted HTTP requests, potentially enabling arbitrary co...

7.2 CVSS · 7.5 AI score · 0.01318 EPSS
Exploits: 1 · References: 2 · Affected Software: 1
Cvelist
added 2023/07/06 2:53 p.m. · 24 views

CVE-2023-25095

Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these...

7.2 CVSS · 7.7 AI score · 0.01318 EPSS
Exploits: 1 · References: 1
Cvelist
added 2023/07/06 2:53 p.m. · 20 views

CVE-2023-25087

Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these...

7.2 CVSS · 7.7 AI score · 0.01318 EPSS
Exploits: 1 · References: 1
CVE
added 2023/07/06 2:53 p.m. · 50 views

CVE-2023-25087

CVE-2023-25087 affects Milesight UR32L v32.3.0.5. The issue is a buffer overflow in the vtysh_ubus binary’s firewall_handler_set path, caused by unsafe use of sprintf with user-controlled data. Exploitation requires an authenticated, high-privilege attacker sending crafted HTTP requests to the af...

7.2 CVSS · 7.5 AI score · 0.01318 EPSS
Exploits: 1 · References: 2 · Affected Software: 1
Vulnrichment
added 2023/07/06 2:53 p.m. · 12 views

CVE-2023-25083

Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these...

7.2 CVSS · 8 AI score · 0.01318 EPSS
Exploits: 1 · References: 1
Vulnrichment
added 2023/07/06 2:53 p.m. · 11 views

CVE-2023-25088

Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these...

7.2 CVSS · 8 AI score · 0.01318 EPSS
Exploits: 1 · References: 1
Cvelist
added 2023/07/06 2:53 p.m. · 19 views

CVE-2023-25084

Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these...

7.2 CVSS · 7.7 AI score · 0.01318 EPSS
Exploits: 1 · References: 1
Cvelist
added 2023/07/06 2:53 p.m. · 22 views

CVE-2023-25081

Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these...

7.2 CVSS · 7.7 AI score · 0.01405 EPSS
Exploits: 1 · References: 1
Cvelist
added 2023/07/06 2:53 p.m. · 17 views

CVE-2023-25088

Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these...

7.2 CVSS · 7.7 AI score · 0.01318 EPSS
Exploits: 1 · References: 1
Vulnrichment
added 2023/07/06 2:53 p.m. · 14 views

CVE-2023-25086

Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these...

7.2 CVSS · 8.3 AI score · 0.01318 EPSS
Exploits: 1 · References: 1
Cvelist
added 2023/07/06 2:53 p.m. · 17 views

CVE-2023-25085

Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these...

7.2 CVSS · 7.7 AI score · 0.01318 EPSS
Exploits: 1 · References: 1
CVE
added 2023/07/06 2:53 p.m. · 50 views

CVE-2023-25088

CVE-2023-25088 affects Milesight UR32L (v32.3.0.5) via the vtysh_ubus firewall_handler_set code path. The vulnerability is a buffer overflow caused by unsafe use of sprintf with user-controlled data (src/dmz, old_mac, old_ip, ip, description, etc.) in multiple code paths (e.g., firewall_handler_s...

7.2 CVSS · 7.5 AI score · 0.01318 EPSS
Exploits: 1 · References: 2 · Affected Software: 1
Cvelist
added 2023/07/06 2:53 p.m. · 18 views

CVE-2023-25086

Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these...

7.2 CVSS · 7.7 AI score · 0.01318 EPSS
Exploits: 1 · References: 1
Cvelist
added 2023/07/06 2:53 p.m. · 23 views

CVE-2023-25083

Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these...

7.2 CVSS · 7.7 AI score · 0.01318 EPSS
Exploits: 1 · References: 1
CVE
added 2023/07/06 2:53 p.m. · 44 views

CVE-2023-25084

CVE-2023-25084 is a buffer-overflow vulnerability in Milesight UR32L v32.3.0.5, triggered by unsafe sprintf usage in the vtysh_ubus firewall_handler_set path. The issue affects the construction of commands using user-controlled fields (ip, mac, description), allowing a high-privilege attacker to ...

7.2 CVSS · 7.5 AI score · 0.01318 EPSS
Exploits: 1 · References: 2 · Affected Software: 1
Cvelist
added 2023/07/06 2:53 p.m. · 17 views

CVE-2023-25082

Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these...

7.2 CVSS · 7.7 AI score · 0.01318 EPSS
Exploits: 1 · References: 1
CVE
added 2023/07/06 2:53 p.m. · 48 views

CVE-2023-25082

Milesight UR32L (v32.3.0.5) is affected by CVE-2023-25082 via multiple buffer overflow vulnerabilities in the vtysh_ubus firewall_handler_set path. An attacker with high privileges can trigger arbitrary code execution by sending crafted HTTP requests that abuse unsafe sprintf usage with old_ip/ol...

7.2 CVSS · 7.5 AI score · 0.01318 EPSS
Exploits: 1 · References: 2 · Affected Software: 1
Positive Technologies
added 2023/07/06 12:00 a.m. · 7 views

PT-2023-5145 · Milesight · Milesight Ur32L

Name of the Vulnerable Software and Affected Versions: Milesight UR32L version 32.3.0.5
Description: The issue is caused by a buffer overflow vulnerability in the set ike profile function of the vtysh ubus binary, due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can...

9 CVSS · 7.3 AI score · 0.01318 EPSS
Exploits: 1 · References: 6
CNNVD
added 2023/07/06 12:00 a.m. · 5 views

Milesight UR32L Buffer Error Vulnerability

The Milesight UR32L is a 4G industrial router from China-based Milesight. A security vulnerability exists in the Milesight UR32L version v32.3.0.5, which stems from the use of an insecure sprintf pattern. An attacker could exploit the vulnerability to cause a buffer overflow via a specially craft...

7.2 CVSS · 7.4 AI score · 0.01318 EPSS
Exploits: 1 · References: 3
CNNVD
added 2023/07/06 12:00 a.m. · 4 views

Milesight UR32L Buffer Error Vulnerability

The Milesight UR32L is a 4G industrial router from China-based Milesight. A security vulnerability exists in the Milesight UR32L version v32.3.0.5, which stems from the use of an insecure sprintf pattern. An attacker could exploit the vulnerability to cause a buffer overflow via a specially craft...

7.2 CVSS · 7.4 AI score · 0.01318 EPSS
Exploits: 1 · References: 3