Vulnerabilities > CVE-2023-22653 - Unspecified vulnerability in Milesight Ur32L Firmware 32.3.0.5

CVSS 8.8 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

milesight

NVD

Published: 2023-07-06

Updated: 2024-11-21

Summary

An OS command injection vulnerability exists in the vtysh_ubus tcpdump_start_cb functionality of Milesight UR32L v32.3.0.5. A specially crafted HTTP request can lead to command execution. An authenticated attacker can send an HTTP request to trigger this vulnerability.

Vulnerable Configurations

Part	Description	Count
OS	Milesight Milesight Ur32L Firmware 32.3.0.5	1
Hardware	Milesight Milesight Ur32L -	1

References

https://talosintelligence.com/vulnerability_reports/TALOS-2023-1714
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1714
https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1714