UR32L

CVEs (64)

CVE	Vendor / Product	CVSS	EPSS	Published	Description
CVE-2023-47166	Milesight UR32L	—	0.00	May 1, 2024	A firmware update vulnerability exists in the luci2-io file-import functionality of Milesight UR32L v32.3.0.7-r2. A specially crafted network request can lead to arbitrary firmware update. An attacker can send a network request to trigger this vulnerability.
CVE-2023-23550	Milesight UR32L	—	0.00	Jul 6, 2023	An OS command injection vulnerability exists in the ys_thirdparty user_delete functionality of Milesight UR32L v32.3.0.5. A specially crafted network packet can lead to command execution. An attacker can send a sequence of requests to trigger this vulnerability.
CVE-2023-23547	Milesight UR32L	—	0.00	Jul 6, 2023	A directory traversal vulnerability exists in the luci2-io file-export mib functionality of Milesight UR32L v32.3.0.5. A specially crafted network request can lead to arbitrary file read. An attacker can send a network request to trigger this vulnerability.
CVE-2023-23571	Milesight UR32L	—	0.00	Jul 6, 2023	An access violation vulnerability exists in the eventcore functionality of Milesight UR32L v32.3.0.5. A specially crafted network request can lead to denial of service. An attacker can send a network request to trigger this vulnerability.
CVE-2023-23902	Milesight UR32L	—	0.02	Jul 6, 2023	A buffer overflow vulnerability exists in the uhttpd login functionality of Milesight UR32L v32.3.0.5. A specially crafted network request can lead to remote code execution. An attacker can send a network request to trigger this vulnerability.
CVE-2023-22306	Milesight UR32L	—	0.00	Jul 6, 2023	An OS command injection vulnerability exists in the libzebra.so bridge_group functionality of Milesight UR32L v32.3.0.5. A specially crafted network packet can lead to command execution. An attacker can send a sequence of requests to trigger this vulnerability.
CVE-2023-22659	Milesight UR32L	—	0.01	Jul 6, 2023	An os command injection vulnerability exists in the libzebra.so change_hostname functionality of Milesight UR32L v32.3.0.5. A specially-crafted network packets can lead to command execution. An attacker can send a sequence of requests to trigger this vulnerability.
CVE-2023-23546	Milesight UR32L	—	0.00	Jul 6, 2023	A misconfiguration vulnerability exists in the urvpn_client functionality of Milesight UR32L v32.3.0.5. A specially-crafted man-in-the-middle attack can lead to increased privileges. An attacker can perform a man-in-the-middle attack to trigger this vulnerability.
CVE-2023-24520	Milesight UR32L	—	0.00	Jul 6, 2023	Two OS command injection vulnerability exist in the vtysh_ubus toolsh_excute.constprop.1 functionality of Milesight UR32L v32.3.0.5. A specially-crafted network request can lead to command execution. An attacker can send a network request to trigger these vulnerabilities.This…
CVE-2023-24519	Milesight UR32L	—	0.00	Jul 6, 2023	Two OS command injection vulnerability exist in the vtysh_ubus toolsh_excute.constprop.1 functionality of Milesight UR32L v32.3.0.5. A specially-crafted network request can lead to command execution. An attacker can send a network request to trigger these vulnerabilities.This…
CVE-2023-24583	Milesight UR32L	—	0.00	Jul 6, 2023	Two OS command injection vulnerabilities exist in the urvpn_client cmd_name_action functionality of Milesight UR32L v32.3.0.5. A specially crafted network request can lead to arbitrary command execution. An attacker can send a network request to trigger these…
CVE-2023-24582	Milesight UR32L	—	0.00	Jul 6, 2023	Two OS command injection vulnerabilities exist in the urvpn_client cmd_name_action functionality of Milesight UR32L v32.3.0.5. A specially crafted network request can lead to arbitrary command execution. An attacker can send a network request to trigger these…
CVE-2023-22365	Milesight UR32L	—	0.00	Jul 6, 2023	An OS command injection vulnerability exists in the ys_thirdparty check_system_user functionality of Milesight UR32L v32.3.0.5. A specially crafted set of network packets can lead to command execution. An attacker can send a network request to trigger this vulnerability.
CVE-2023-22299	Milesight UR32L	—	0.01	Jul 6, 2023	An OS command injection vulnerability exists in the vtysh_ubus _get_fw_logs functionality of Milesight UR32L v32.3.0.5. A specially crafted network request can lead to command execution. An attacker can send a network request to trigger this vulnerability.
CVE-2023-24595	Milesight UR32L	—	0.00	Jul 6, 2023	An OS command injection vulnerability exists in the ys_thirdparty system_user_script functionality of Milesight UR32L v32.3.0.5. A specially crafted series of network requests can lead to command execution. An attacker can send a sequence of requests to trigger this…
CVE-2023-22653	Milesight UR32L	—	0.01	Jul 6, 2023	An OS command injection vulnerability exists in the vtysh_ubus tcpdump_start_cb functionality of Milesight UR32L v32.3.0.5. A specially crafted HTTP request can lead to command execution. An authenticated attacker can send an HTTP request to trigger this vulnerability.
CVE-2023-24018	Milesight UR32L	—	0.00	Jul 6, 2023	A stack-based buffer overflow vulnerability exists in the libzebra.so.0.0.0 security_decrypt_password functionality of Milesight UR32L v32.3.0.5. A specially crafted HTTP request can lead to a buffer overflow. An authenticated attacker can send an HTTP request to trigger this…
CVE-2023-25124	Milesight UR32L	—	0.00	Jul 6, 2023	Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to…
CVE-2023-25123	Milesight UR32L	—	0.00	Jul 6, 2023	Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to…
CVE-2023-25122	Milesight UR32L	—	0.00	Jul 6, 2023	Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to…

CVE-2023-47166May 1, 2024
Milesight
UR32L
risk 0.00cvss —epss 0.00
A firmware update vulnerability exists in the luci2-io file-import functionality of Milesight UR32L v32.3.0.7-r2. A specially crafted network request can lead to arbitrary firmware update. An attacker can send a network request to trigger this vulnerability.
CVE-2023-23550Jul 6, 2023
Milesight
UR32L
risk 0.00cvss —epss 0.00
An OS command injection vulnerability exists in the ys_thirdparty user_delete functionality of Milesight UR32L v32.3.0.5. A specially crafted network packet can lead to command execution. An attacker can send a sequence of requests to trigger this vulnerability.
CVE-2023-23547Jul 6, 2023
Milesight
UR32L
risk 0.00cvss —epss 0.00
A directory traversal vulnerability exists in the luci2-io file-export mib functionality of Milesight UR32L v32.3.0.5. A specially crafted network request can lead to arbitrary file read. An attacker can send a network request to trigger this vulnerability.
CVE-2023-23571Jul 6, 2023
Milesight
UR32L
risk 0.00cvss —epss 0.00
An access violation vulnerability exists in the eventcore functionality of Milesight UR32L v32.3.0.5. A specially crafted network request can lead to denial of service. An attacker can send a network request to trigger this vulnerability.
CVE-2023-23902Jul 6, 2023
Milesight
UR32L
risk 0.00cvss —epss 0.02
A buffer overflow vulnerability exists in the uhttpd login functionality of Milesight UR32L v32.3.0.5. A specially crafted network request can lead to remote code execution. An attacker can send a network request to trigger this vulnerability.
CVE-2023-22306Jul 6, 2023
Milesight
UR32L
risk 0.00cvss —epss 0.00
An OS command injection vulnerability exists in the libzebra.so bridge_group functionality of Milesight UR32L v32.3.0.5. A specially crafted network packet can lead to command execution. An attacker can send a sequence of requests to trigger this vulnerability.
CVE-2023-22659Jul 6, 2023
Milesight
UR32L
risk 0.00cvss —epss 0.01
An os command injection vulnerability exists in the libzebra.so change_hostname functionality of Milesight UR32L v32.3.0.5. A specially-crafted network packets can lead to command execution. An attacker can send a sequence of requests to trigger this vulnerability.
CVE-2023-23546Jul 6, 2023
Milesight
UR32L
risk 0.00cvss —epss 0.00
A misconfiguration vulnerability exists in the urvpn_client functionality of Milesight UR32L v32.3.0.5. A specially-crafted man-in-the-middle attack can lead to increased privileges. An attacker can perform a man-in-the-middle attack to trigger this vulnerability.
CVE-2023-24520Jul 6, 2023
Milesight
UR32L
risk 0.00cvss —epss 0.00
Two OS command injection vulnerability exist in the vtysh_ubus toolsh_excute.constprop.1 functionality of Milesight UR32L v32.3.0.5. A specially-crafted network request can lead to command execution. An attacker can send a network request to trigger these vulnerabilities.This…
CVE-2023-24519Jul 6, 2023
Milesight
UR32L
risk 0.00cvss —epss 0.00
Two OS command injection vulnerability exist in the vtysh_ubus toolsh_excute.constprop.1 functionality of Milesight UR32L v32.3.0.5. A specially-crafted network request can lead to command execution. An attacker can send a network request to trigger these vulnerabilities.This…
CVE-2023-24583Jul 6, 2023
Milesight
UR32L
risk 0.00cvss —epss 0.00
Two OS command injection vulnerabilities exist in the urvpn_client cmd_name_action functionality of Milesight UR32L v32.3.0.5. A specially crafted network request can lead to arbitrary command execution. An attacker can send a network request to trigger these…
CVE-2023-24582Jul 6, 2023
Milesight
UR32L
risk 0.00cvss —epss 0.00
Two OS command injection vulnerabilities exist in the urvpn_client cmd_name_action functionality of Milesight UR32L v32.3.0.5. A specially crafted network request can lead to arbitrary command execution. An attacker can send a network request to trigger these…
CVE-2023-22365Jul 6, 2023
Milesight
UR32L
risk 0.00cvss —epss 0.00
An OS command injection vulnerability exists in the ys_thirdparty check_system_user functionality of Milesight UR32L v32.3.0.5. A specially crafted set of network packets can lead to command execution. An attacker can send a network request to trigger this vulnerability.
CVE-2023-22299Jul 6, 2023
Milesight
UR32L
risk 0.00cvss —epss 0.01
An OS command injection vulnerability exists in the vtysh_ubus _get_fw_logs functionality of Milesight UR32L v32.3.0.5. A specially crafted network request can lead to command execution. An attacker can send a network request to trigger this vulnerability.
CVE-2023-24595Jul 6, 2023
Milesight
UR32L
risk 0.00cvss —epss 0.00
An OS command injection vulnerability exists in the ys_thirdparty system_user_script functionality of Milesight UR32L v32.3.0.5. A specially crafted series of network requests can lead to command execution. An attacker can send a sequence of requests to trigger this…
CVE-2023-22653Jul 6, 2023
Milesight
UR32L
risk 0.00cvss —epss 0.01
An OS command injection vulnerability exists in the vtysh_ubus tcpdump_start_cb functionality of Milesight UR32L v32.3.0.5. A specially crafted HTTP request can lead to command execution. An authenticated attacker can send an HTTP request to trigger this vulnerability.
CVE-2023-24018Jul 6, 2023
Milesight
UR32L
risk 0.00cvss —epss 0.00
A stack-based buffer overflow vulnerability exists in the libzebra.so.0.0.0 security_decrypt_password functionality of Milesight UR32L v32.3.0.5. A specially crafted HTTP request can lead to a buffer overflow. An authenticated attacker can send an HTTP request to trigger this…
CVE-2023-25124Jul 6, 2023
Milesight
UR32L
risk 0.00cvss —epss 0.00
Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to…
CVE-2023-25123Jul 6, 2023
Milesight
UR32L
risk 0.00cvss —epss 0.00
Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to…
CVE-2023-25122Jul 6, 2023
Milesight
UR32L
risk 0.00cvss —epss 0.00
Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to…

Page 1 of 4