Vulnerabilities > CVE-2023-25582 - Unspecified vulnerability in Milesight Ur32L Firmware 32.3.0.5

CVSS 7.2 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

HIGH

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

milesight

NVD

Published: 2023-07-06

Updated: 2024-11-21

Summary

Two OS command injection vulnerabilities exist in the zebra vlan_name functionality of Milesight UR32L v32.3.0.5. A specially crafted network request can lead to command execution. An attacker can send a network request to trigger these vulnerabilities.This command injection is in the code branch that manages an already existing vlan configuration.

Vulnerable Configurations

Part	Description	Count
OS	Milesight Milesight Ur32L Firmware 32.3.0.5	1
Hardware	Milesight Milesight Ur32L -	1

References

https://talosintelligence.com/vulnerability_reports/TALOS-2023-1723
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1723