Milesight UR32L urvpn_client cmd_name_action function command execution vulnerability

The Milesight UR32L is a 4G industrial router from China's Milesight. A command execution vulnerability exists in the Milesight UR32L urvpnclient cmdnameaction function, which can be exploited by an attacker to execute arbitrary commands on the system...

Milesight UR32L urvpn_client function misconfiguration vulnerability

The Milesight UR32L is a 4G industrial router from China's Milesight. A misconfiguration vulnerability in the Milesight UR32L urvpnclient feature can be exploited by an attacker to perform a man-in-the-middle attack resulting in elevated privileges...

Milesight UR32L urvpn_client http_connection_readcb Functional Buffer Overflow Vulnerability

The Milesight UR32L is a 4G industrial router from China's Milesight. A buffer overflow vulnerability exists in the Milesight UR32L urvpnclient httpconnectionreadcb function, which can be exploited by an attacker to cause a buffer overflow and execute arbitrary code on the system, or cause an...

Milesight UR32L urvpn_client cmd_name_action function command execution vulnerability (CNVD-2023-65496)

The Milesight UR32L is a 4G industrial router from China's Milesight. A command execution vulnerability exists in the Milesight UR32L urvpnclient cmdnameaction function, which can be exploited by an attacker to execute arbitrary commands on the system...

CVE-2023-24583

Two OS command injection vulnerabilities exist in the urvpnclient cmdnameaction functionality of Milesight UR32L v32.3.0.5. A specially crafted network request can lead to arbitrary command execution. An attacker can send a network request to trigger these vulnerabilities.This OS command injectio...

CVE-2023-24019

A stack-based buffer overflow vulnerability exists in the urvpnclient httpconnectionreadcb functionality of Milesight UR32L v32.3.0.5. A specially crafted network packet can lead to a buffer overflow. An attacker can send a malicious packet to trigger this vulnerability...

Privilege escalation

A misconfiguration vulnerability exists in the urvpnclient functionality of Milesight UR32L v32.3.0.5. A specially-crafted man-in-the-middle attack can lead to increased privileges. An attacker can perform a man-in-the-middle attack to trigger this vulnerability...

CVE-2023-23546

A misconfiguration vulnerability exists in the urvpnclient functionality of Milesight UR32L v32.3.0.5. A specially-crafted man-in-the-middle attack can lead to increased privileges. An attacker can perform a man-in-the-middle attack to trigger this vulnerability...

CVE-2023-23546

A misconfiguration vulnerability exists in the urvpnclient functionality of Milesight UR32L v32.3.0.5. A specially-crafted man-in-the-middle attack can lead to increased privileges. An attacker can perform a man-in-the-middle attack to trigger this vulnerability...

CVE-2023-23546

CVE-2023-23546 is a Milesight UR32L urvpn_client misconfiguration vulnerability. Talos identifies it as a pre-authentication/mitm-related issue enabling elevated privileges when an attacker can exploit weak certificate validation and related data handling. Public material details show multiple ch...

Milesight UR32L urvpn_client cmd_name_action OS command injection vulnerabilities

Talos Vulnerability Report TALOS-2023-1710 Milesight UR32L urvpnclient cmdnameaction OS command injection vulnerabilities July 6, 2023 CVE Number CVE-2023-24583,CVE-2023-24582 SUMMARY Two OS command injection vulnerabilities exist in the urvpnclient cmdnameaction functionality of Milesight UR32L...

Milesight UR32L urvpn_client http_connection_readcb stack-based buffer overflow vulnerability

Talos Vulnerability Report TALOS-2023-1718 Milesight UR32L urvpnclient httpconnectionreadcb stack-based buffer overflow vulnerability July 6, 2023 CVE Number CVE-2023-24019 SUMMARY A stack-based buffer overflow vulnerability exists in the urvpnclient httpconnectionreadcb functionality of Milesigh...

Milesight UR32L urvpn_client Certificate Validation vulnerability

Talos Vulnerability Report TALOS-2023-1705 Milesight UR32L urvpnclient Certificate Validation vulnerability July 6, 2023 CVE Number CVE-2023-23546 SUMMARY A misconfiguration vulnerability exists in the urvpnclient functionality of Milesight UR32L v32.3.0.5. A specially-crafted man-in-the-middle...