Ur32l Security Vulnerabilities and Issues — Ur32l CVE List

Lucene search

MilesightUr32l

10 matches found

CVE•added 2024/05/01 4:15 p.m.•47 views

CVE-2023-47166

A firmware update vulnerability exists in the luci2-io file-import functionality of Milesight UR32L v32.3.0.7-r2. A specially crafted network request can lead to arbitrary firmware update. An attacker can send a network request to trigger this vulnerability.

8.8CVSS6.8AI score0.00127EPSS

CVE•added 2023/07/06 3:15 p.m.•46 views

CVE-2023-22653

An OS command injection vulnerability exists in the vtysh_ubus tcpdump_start_cb functionality of Milesight UR32L v32.3.0.5. A specially crafted HTTP request can lead to command execution. An authenticated attacker can send an HTTP request to trigger this vulnerability.

8.8CVSS9.1AI score0.01026EPSS

CVE•added 2023/07/06 3:15 p.m.•42 views

CVE-2023-24019

A stack-based buffer overflow vulnerability exists in the urvpn_client http_connection_readcb functionality of Milesight UR32L v32.3.0.5. A specially crafted network packet can lead to a buffer overflow. An attacker can send a malicious packet to trigger this vulnerability.

8.1CVSS8.5AI score0.00075EPSS

CVE•added 2023/07/06 3:15 p.m.•33 views

CVE-2023-24583

Two OS command injection vulnerabilities exist in the urvpn_client cmd_name_action functionality of Milesight UR32L v32.3.0.5. A specially crafted network request can lead to arbitrary command execution. An attacker can send a network request to trigger these vulnerabilities.This OS command injecti...

8.8CVSS9.4AI score0.00127EPSS

CVE•added 2023/07/06 3:15 p.m.•32 views

CVE-2023-24582

8.8CVSS9.4AI score0.00127EPSS

CVE•added 2023/07/06 3:15 p.m.•30 views

CVE-2023-22299

An OS command injection vulnerability exists in the vtysh_ubus _get_fw_logs functionality of Milesight UR32L v32.3.0.5. A specially crafted network request can lead to command execution. An attacker can send a network request to trigger this vulnerability.

8.8CVSS9.1AI score0.00657EPSS

CVE•added 2023/07/06 3:15 p.m.•30 views

CVE-2023-23546

A misconfiguration vulnerability exists in the urvpn_client functionality of Milesight UR32L v32.3.0.5. A specially-crafted man-in-the-middle attack can lead to increased privileges. An attacker can perform a man-in-the-middle attack to trigger this vulnerability.

8.1CVSS8.2AI score0.00132EPSS

CVE•added 2023/07/06 3:15 p.m.•30 views

CVE-2023-24520

Two OS command injection vulnerability exist in the vtysh_ubus toolsh_excute.constprop.1 functionality of Milesight UR32L v32.3.0.5. A specially-crafted network request can lead to command execution. An attacker can send a network request to trigger these vulnerabilities.This command injection is i...

8.8CVSS9.2AI score0.00385EPSS

CVE•added 2023/07/06 3:15 p.m.•29 views

CVE-2023-24519

8.8CVSS9.2AI score0.00385EPSS

CVE•added 2023/07/06 3:15 p.m.•25 views

CVE-2023-24018

A stack-based buffer overflow vulnerability exists in the libzebra.so.0.0.0 security_decrypt_password functionality of Milesight UR32L v32.3.0.5. A specially crafted HTTP request can lead to a buffer overflow. An authenticated attacker can send an HTTP request to trigger this vulnerability.

8.8CVSS9AI score0.00143EPSS