20 matches found
EUVD-2023-26789
Malicious code in bioql PyPI...
EUVD-2023-28082
Malicious code in bioql PyPI...
Milesight UR32L libzebra.so change_hostname function command injection vulnerability
The Milesight UR32L is a 4G industrial router from China's Milesight. A command injection vulnerability exists in the Milesight UR32L libzebra.so change_hostname function, which can be exploited by an attacker to execute arbitrary commands on the system...
Milesight UR32L libzebra.so bridge_group function command injection vulnerability
The Milesight UR32L is a 4G industrial router from China's Milesight. A command injection vulnerability exists in the Milesight UR32L libzebra.so bridge_group function, which can be exploited by an attacker to execute arbitrary commands on the system...
CVE-2023-24018
A stack-based buffer overflow vulnerability exists in the libzebra.so.0.0.0 security_decrypt_password functionality of Milesight UR32L v32.3.0.5. A specially crafted HTTP request can lead to a buffer overflow. An authenticated attacker can send an HTTP request to trigger this vulnerability...
CVE-2023-22659
An OS command injection vulnerability exists in the libzebra.so change_hostname functionality of Milesight UR32L v32.3.0.5. A specially crafted network packet can lead to command execution. An attacker can send a sequence of requests to trigger this vulnerability...
CVE-2023-22306
An OS command injection vulnerability exists in the libzebra.so bridge_group functionality of Milesight UR32L v32.3.0.5. A specially crafted network packet can lead to command execution. An attacker can send a sequence of requests to trigger this vulnerability...
Command injection
An OS command injection vulnerability exists in the libzebra.so change_hostname functionality of Milesight UR32L v32.3.0.5. A specially crafted network packet can lead to command execution. An attacker can send a sequence of requests to trigger this vulnerability...
Stack overflow
A stack-based buffer overflow vulnerability exists in the libzebra.so.0.0.0 security_decrypt_password functionality of Milesight UR32L v32.3.0.5. A specially crafted HTTP request can lead to a buffer overflow. An authenticated attacker can send an HTTP request to trigger this vulnerability...
Command injection
An OS command injection vulnerability exists in the libzebra.so bridge_group functionality of Milesight UR32L v32.3.0.5. A specially crafted network packet can lead to command execution. An attacker can send a sequence of requests to trigger this vulnerability...
CVE-2023-22306
Milesight UR32L (v32.3.0.5) has an OS command injection in the libzebra.so bridge_group function. The code constructs an ifconfig command using the provided interface name and passes it to system(), enabling arbitrary command execution. The vulnerability is triggered via the bridge-group command ...
CVE-2023-22306
An OS command injection vulnerability exists in the libzebra.so bridge_group functionality of Milesight UR32L v32.3.0.5. A specially crafted network packet can lead to command execution. An attacker can send a sequence of requests to trigger this vulnerability...
CVE-2023-22659
Milesight UR32L (v32.3.0.5) contains CVE-2023-22659: an OS command injection vulnerability in the libzebra.so change_hostname function. Talos reports a pre-authentication stack-based buffer overflow in the UR32L HTTP server binary uhttpd, specifically in decrypt_string, where Base64-decode then A...
CVE-2023-22659
An OS command injection vulnerability exists in the libzebra.so change_hostname functionality of Milesight UR32L v32.3.0.5. A specially crafted network packet can lead to command execution. An attacker can send a sequence of requests to trigger this vulnerability...
CVE-2023-24018
CVE-2023-24018 affects Milesight UR32L v32.3.0.5. Talos reports a stack-based buffer overflow in the libzebra.so.0.0.0 security_decrypt_password function used to decrypt user passwords during configuration (e.g., via the yruo_usermanagement path). The vulnerability arises from decrypting an arbit...
CVE-2023-24018
A stack-based buffer overflow vulnerability exists in the libzebra.so.0.0.0 security_decrypt_password functionality of Milesight UR32L v32.3.0.5. A specially crafted HTTP request can lead to a buffer overflow. An authenticated attacker can send an HTTP request to trigger this vulnerability...
CVE-2023-24018
A stack-based buffer overflow vulnerability exists in the libzebra.so.0.0.0 security_decrypt_password functionality of Milesight UR32L v32.3.0.5. A specially crafted HTTP request can lead to a buffer overflow. An authenticated attacker can send an HTTP request to trigger this vulnerability...
Milesight UR32L libzebra.so bridge_group OS command injection vulnerability
Talos Vulnerability Report TALOS-2023-1698 Milesight UR32L libzebra.so bridge_group OS command injection vulnerability July 6, 2023 CVE Number CVE-2023-22306 SUMMARY An OS command injection vulnerability exists in the libzebra.so bridge_group functionality of Milesight UR32L v32.3.0.5. A specially...
Milesight UR32L libzebra.so security_decrypt_password buffer overflow vulnerability
Talos Vulnerability Report TALOS-2023-1715 Milesight UR32L libzebra.so security_decrypt_password buffer overflow vulnerability July 6, 2023 CVE Number CVE-2023-24018 SUMMARY A stack-based buffer overflow vulnerability exists in the libzebra.so.0.0.0 security_decrypt_password functionality of Milesigh...
Milesight UR32L libzebra.so change_hostname OS command injection vulnerability
Talos Vulnerability Report TALOS-2023-1699 Milesight UR32L libzebra.so change_hostname OS command injection vulnerability July 6, 2023 CVE Number CVE-2023-22659 SUMMARY An OS command injection vulnerability exists in the libzebra.so change_hostname functionality of Milesight UR32L v32.3.0.5. A...