VYPR

UR32L

by Milesight

CVEs (66)

  • CVE-2023-23902CriJul 6, 2023
    risk 0.64cvss 9.8epss 0.02

    A buffer overflow vulnerability exists in the uhttpd login functionality of Milesight UR32L v32.3.0.5. A specially crafted network request can lead to remote code execution. An attacker can send a network request to trigger this vulnerability.

  • CVE-2023-22653HigJul 6, 2023
    risk 0.58cvss 8.8epss 0.07

    An OS command injection vulnerability exists in the vtysh_ubus tcpdump_start_cb functionality of Milesight UR32L v32.3.0.5. A specially crafted HTTP request can lead to command execution. An authenticated attacker can send an HTTP request to trigger this vulnerability.

  • CVE-2023-47166HigMay 1, 2024
    risk 0.57cvss 8.8epss 0.01

    A firmware update vulnerability exists in the luci2-io file-import functionality of Milesight UR32L v32.3.0.7-r2. A specially crafted network request can lead to arbitrary firmware update. An attacker can send a network request to trigger this vulnerability.

  • CVE-2023-24583HigJul 6, 2023
    risk 0.57cvss 8.8epss 0.03

    Two OS command injection vulnerabilities exist in the urvpn_client cmd_name_action functionality of Milesight UR32L v32.3.0.5. A specially crafted network request can lead to arbitrary command execution. An attacker can send a network request to trigger these…

  • CVE-2023-24582HigJul 6, 2023
    risk 0.57cvss 8.8epss 0.03

    Two OS command injection vulnerabilities exist in the urvpn_client cmd_name_action functionality of Milesight UR32L v32.3.0.5. A specially crafted network request can lead to arbitrary command execution. An attacker can send a network request to trigger these…

  • CVE-2023-24520HigJul 6, 2023
    risk 0.57cvss 8.8epss 0.03

    Two OS command injection vulnerability exist in the vtysh_ubus toolsh_excute.constprop.1 functionality of Milesight UR32L v32.3.0.5. A specially-crafted network request can lead to command execution. An attacker can send a network request to trigger these vulnerabilities.This…

  • CVE-2023-24519HigJul 6, 2023
    risk 0.57cvss 8.8epss 0.03

    Two OS command injection vulnerability exist in the vtysh_ubus toolsh_excute.constprop.1 functionality of Milesight UR32L v32.3.0.5. A specially-crafted network request can lead to command execution. An attacker can send a network request to trigger these vulnerabilities.This…

  • CVE-2023-24018HigJul 6, 2023
    risk 0.57cvss 8.8epss 0.01

    A stack-based buffer overflow vulnerability exists in the libzebra.so.0.0.0 security_decrypt_password functionality of Milesight UR32L v32.3.0.5. A specially crafted HTTP request can lead to a buffer overflow. An authenticated attacker can send an HTTP request to trigger this…

  • CVE-2023-22299HigJul 6, 2023
    risk 0.57cvss 8.8epss 0.03

    An OS command injection vulnerability exists in the vtysh_ubus _get_fw_logs functionality of Milesight UR32L v32.3.0.5. A specially crafted network request can lead to command execution. An attacker can send a network request to trigger this vulnerability.

  • CVE-2023-43261HigOct 4, 2023
    risk 0.54cvss 7.5epss 0.60

    An information disclosure in Milesight UR5X, UR32L, UR32, UR35, UR41 before v35.3.0.7 allows attackers to access sensitive router components.

  • CVE-2023-24019HigJul 6, 2023
    risk 0.53cvss 8.1epss 0.01

    A stack-based buffer overflow vulnerability exists in the urvpn_client http_connection_readcb functionality of Milesight UR32L v32.3.0.5. A specially crafted network packet can lead to a buffer overflow. An attacker can send a malicious packet to trigger this vulnerability.

  • CVE-2023-23571HigJul 6, 2023
    risk 0.49cvss 7.5epss 0.01

    An access violation vulnerability exists in the eventcore functionality of Milesight UR32L v32.3.0.5. A specially crafted network request can lead to denial of service. An attacker can send a network request to trigger this vulnerability.

  • CVE-2023-25583HigJul 6, 2023
    risk 0.47cvss 7.2epss 0.03

    Two OS command injection vulnerabilities exist in the zebra vlan_name functionality of Milesight UR32L v32.3.0.5. A specially crafted network request can lead to command execution. An attacker can send a network request to trigger these vulnerabilities.This command injection is…

  • CVE-2023-25582HigJul 6, 2023
    risk 0.47cvss 7.2epss 0.03

    Two OS command injection vulnerabilities exist in the zebra vlan_name functionality of Milesight UR32L v32.3.0.5. A specially crafted network request can lead to command execution. An attacker can send a network request to trigger these vulnerabilities.This command injection is…

  • CVE-2023-25124HigJul 6, 2023
    risk 0.47cvss 7.2epss 0.01

    Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to…

  • CVE-2023-25123HigJul 6, 2023
    risk 0.47cvss 7.2epss 0.01

    Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to…

  • CVE-2023-25122HigJul 6, 2023
    risk 0.47cvss 7.2epss 0.01

    Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to…

  • CVE-2023-25121HigJul 6, 2023
    risk 0.47cvss 7.2epss 0.01

    Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to…

  • CVE-2023-25120HigJul 6, 2023
    risk 0.47cvss 7.2epss 0.01

    Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to…

  • CVE-2023-25119HigJul 6, 2023
    risk 0.47cvss 7.2epss 0.01

    Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to…

Page 1 of 4