Milesight Ur32L vulnerabilities
64 known vulnerabilities affecting milesight/ur32l.
Total CVEs
64
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH62MEDIUM1
Vulnerabilities
Page 4 of 4
CVE-2023-25083P3HIGHCVSS 7.2vv32.3.0.52023-07-06
CVE-2023-25083 [HIGH] CWE-121 CVE-2023-25083: Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5
Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the firewall_han
nvd
CVE-2023-23546P3HIGHCVSS 8.1vv32.3.0.52023-07-06
CVE-2023-23546 [HIGH] CWE-295 CVE-2023-23546: A misconfiguration vulnerability exists in the urvpn_client functionality of Milesight UR32L v32.3.0
A misconfiguration vulnerability exists in the urvpn_client functionality of Milesight UR32L v32.3.0.5. A specially-crafted man-in-the-middle attack can lead to increased privileges. An attacker can perform a man-in-the-middle attack to trigger this vulnerability.
nvd
CVE-2023-23571P3HIGHCVSS 7.5vv32.3.0.52023-07-06
CVE-2023-23571 [HIGH] CWE-126 CVE-2023-23571: An access violation vulnerability exists in the eventcore functionality of Milesight UR32L v32.3.0.5
An access violation vulnerability exists in the eventcore functionality of Milesight UR32L v32.3.0.5. A specially crafted network request can lead to denial of service. An attacker can send a network request to trigger this vulnerability.
nvd
CVE-2023-23547P3MEDIUMCVSS 6.5vv32.3.0.52023-07-06
CVE-2023-23547 [MEDIUM] CWE-22 CVE-2023-23547: A directory traversal vulnerability exists in the luci2-io file-export mib functionality of Milesigh
A directory traversal vulnerability exists in the luci2-io file-export mib functionality of Milesight UR32L v32.3.0.5. A specially crafted network request can lead to arbitrary file read. An attacker can send a network request to trigger this vulnerability.
nvd
← Previous4 / 4