Ur32l Firmware Security Vulnerabilities and Issues — Ur32l Firmware CVE List

Lucene search

MilesightUr32l Firmware

66 matches found

CVE•added 2023/10/04 12:15 p.m.•77 views

CVE-2023-43261

An information disclosure in Milesight UR5X, UR32L, UR32, UR35, UR41 before v35.3.0.7 allows attackers to access sensitive router components.

7.5CVSS7.1AI score0.93058EPSS

CVE•added 2023/07/06 3:15 p.m.•49 views

CVE-2023-23571

An access violation vulnerability exists in the eventcore functionality of Milesight UR32L v32.3.0.5. A specially crafted network request can lead to denial of service. An attacker can send a network request to trigger this vulnerability.

7.5CVSS7.7AI score0.00093EPSS

CVE•added 2024/05/01 4:15 p.m.•47 views

CVE-2023-47166

A firmware update vulnerability exists in the luci2-io file-import functionality of Milesight UR32L v32.3.0.7-r2. A specially crafted network request can lead to arbitrary firmware update. An attacker can send a network request to trigger this vulnerability.

8.8CVSS6.8AI score0.00127EPSS

CVE•added 2023/07/06 3:15 p.m.•46 views

CVE-2023-22653

An OS command injection vulnerability exists in the vtysh_ubus tcpdump_start_cb functionality of Milesight UR32L v32.3.0.5. A specially crafted HTTP request can lead to command execution. An authenticated attacker can send an HTTP request to trigger this vulnerability.

8.8CVSS9.1AI score0.01026EPSS

CVE•added 2023/07/06 3:15 p.m.•43 views

CVE-2023-22659

An os command injection vulnerability exists in the libzebra.so change_hostname functionality of Milesight UR32L v32.3.0.5. A specially-crafted network packets can lead to command execution. An attacker can send a sequence of requests to trigger this vulnerability.

7.2CVSS7.7AI score0.00467EPSS

CVE•added 2023/07/06 3:15 p.m.•43 views

CVE-2023-23550

An OS command injection vulnerability exists in the ys_thirdparty user_delete functionality of Milesight UR32L v32.3.0.5. A specially crafted network packet can lead to command execution. An attacker can send a sequence of requests to trigger this vulnerability.

7.2CVSS7.7AI score0.00186EPSS

CVE•added 2023/07/06 3:15 p.m.•42 views

CVE-2023-24019

A stack-based buffer overflow vulnerability exists in the urvpn_client http_connection_readcb functionality of Milesight UR32L v32.3.0.5. A specially crafted network packet can lead to a buffer overflow. An attacker can send a malicious packet to trigger this vulnerability.

8.1CVSS8.5AI score0.00075EPSS

CVE•added 2023/07/06 3:15 p.m.•41 views

CVE-2023-22306

An OS command injection vulnerability exists in the libzebra.so bridge_group functionality of Milesight UR32L v32.3.0.5. A specially crafted network packet can lead to command execution. An attacker can send a sequence of requests to trigger this vulnerability.

7.2CVSS7.7AI score0.00186EPSS

CVE•added 2023/07/06 3:15 p.m.•40 views

CVE-2023-25095

Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabi...

7.2CVSS7.4AI score0.00099EPSS

CVE•added 2023/07/06 3:15 p.m.•40 views

CVE-2023-25099

7.2CVSS7.5AI score0.00089EPSS

CVE•added 2023/10/05 7:15 p.m.•40 views

CVE-2023-43260

Milesight UR5X, UR32L, UR32, UR35, UR41 before v35.3.0.7 was discovered to contain a cross-site scripting (XSS) vulnerability via the admin panel.

6.1CVSS6AI score0.0009EPSS

CVE•added 2023/07/06 3:15 p.m.•38 views

CVE-2023-23902

A buffer overflow vulnerability exists in the uhttpd login functionality of Milesight UR32L v32.3.0.5. A specially crafted network request can lead to remote code execution. An attacker can send a network request to trigger this vulnerability.

9.8CVSS9.8AI score0.01529EPSS

CVE•added 2023/07/06 3:15 p.m.•38 views

CVE-2023-25102