Vulnerabilities > Milesight

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
|---|---|---|---|---|
| 2023-10-05 | CVE-2023-43260 | Cross-site Scripting vulnerability in Milesight products | Milesight UR5X, UR32L, UR32, UR35, UR41 before v35.3.0.7 was discovered to contain a cross-site scripting (XSS) vulnerability via the admin panel. | network, low complexity, milesight CWE-79, 6.1 |
| 2023-10-04 | CVE-2023-43261 | Information Exposure Through Log Files vulnerability in Milesight products | An information disclosure in Milesight UR5X, UR32L, UR32, UR35, UR41 before v35.3.0.7 allows attackers to access sensitive router components. | network, low complexity, milesight CWE-532, 7.5 |
| 2023-07-06 | CVE-2023-22299 | OS Command Injection vulnerability in Milesight Ur32L Firmware 32.3.0.5 | An OS command injection vulnerability exists in the vtysh_ubus _get_fw_logs functionality of Milesight UR32L v32.3.0.5. | network, low complexity, milesight CWE-78, 8.8 |
| 2023-07-06 | CVE-2023-22306 | Command Injection vulnerability in Milesight Ur32L Firmware 32.3.0.5 | An OS command injection vulnerability exists in the libzebra.so bridge_group functionality of Milesight UR32L v32.3.0.5. | network, low complexity, milesight CWE-77, 7.2 |
| 2023-07-06 | CVE-2023-22319 | SQL Injection vulnerability in Milesight Milesightvpn 2.0.2 | A SQL injection vulnerability exists in the requestHandlers.js LoginAuth functionality of Milesight VPN v2.0.2. | network, low complexity, milesight CWE-89, critical, 9.8 |
| 2023-07-06 | CVE-2023-22365 | OS Command Injection vulnerability in Milesight Ur32L Firmware 32.3.0.5 | An OS command injection vulnerability exists in the ys_thirdparty check_system_user functionality of Milesight UR32L v32.3.0.5. | network, low complexity, milesight CWE-78, 7.2 |
| 2023-07-06 | CVE-2023-22371 | OS Command Injection vulnerability in Milesight Milesightvpn 2.0.2 | An OS command injection vulnerability exists in the liburvpn.so create_private_key functionality of Milesight VPN v2.0.2. | network, high complexity, milesight CWE-78, 8.1 |
| 2023-07-06 | CVE-2023-22653 | OS Command Injection vulnerability in Milesight Ur32L Firmware 32.3.0.5 | An OS command injection vulnerability exists in the vtysh_ubus tcpdump_start_cb functionality of Milesight UR32L v32.3.0.5. | network, low complexity, milesight CWE-78, 8.8 |
| 2023-07-06 | CVE-2023-22659 | OS Command Injection vulnerability in Milesight Ur32L Firmware 32.3.0.5 | An OS command injection vulnerability exists in the libzebra.so change_hostname functionality of Milesight UR32L v32.3.0.5. | network, low complexity, milesight CWE-78, 7.2 |
| 2023-07-06 | CVE-2023-22844 | Use of Hard-coded Cryptographic Key vulnerability in Milesight Milesightvpn 2.0.2 | An authentication bypass vulnerability exists in the requestHandlers.js verifyToken functionality of Milesight VPN v2.0.2. | network, low complexity, milesight CWE-321, critical, 9.8 |