Vulnerabilities > Milesight

DATE CVE VULNERABILITY TITLE RISK
2024-06-02 CVE-2024-36388 Unspecified vulnerability in Milesight Devicehub 3.0.1R1
MileSight DeviceHub - CWE-305 Missing Authentication for Critical Function
network
low complexity
milesight
critical
9.8

2024-06-02 CVE-2024-36389 Use of Insufficiently Random Values vulnerability in Milesight Devicehub 3.0.1R1
MileSight DeviceHub - CWE-330 Use of Insufficiently Random Values may allow Authentication Bypass
network
low complexity
milesight CWE-330
critical
9.8

2024-06-02 CVE-2024-36390 Unspecified vulnerability in Milesight Devicehub 3.0.1R1
MileSight DeviceHub - CWE-20 Improper Input Validation may allow Denial of Service
network
low complexity
milesight
7.5

2024-06-02 CVE-2024-36391 Unspecified vulnerability in Milesight Devicehub 3.0.1R1
MileSight DeviceHub - CWE-320: Key Management Errors may allow Authentication Bypass and Man-In-The-Middle Traffic
network
high complexity
milesight
7.4

2024-06-02 CVE-2024-36392 Cross-site Scripting vulnerability in Milesight Devicehub 3.0.1R1
MileSight DeviceHub - CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
network
low complexity
milesight CWE-79
6.1

2024-06-02 CVE-2024-27776 Path Traversal vulnerability in Milesight Devicehub 3.0.1R1
MileSight DeviceHub - CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') may allow Unauthenticated RCE
network
low complexity
milesight CWE-22
critical
9.8

2023-10-05 CVE-2023-43260 Cross-site Scripting vulnerability in Milesight products
Milesight UR5X, UR32L, UR32, UR35, UR41 before v35.3.0.7 was discovered to contain a cross-site scripting (XSS) vulnerability via the admin panel.
network
low complexity
milesight CWE-79
6.1

2023-10-04 CVE-2023-43261 Information Exposure Through Log Files vulnerability in Milesight products
An information disclosure in Milesight UR5X, UR32L, UR32, UR35, UR41 before v35.3.0.7 allows attackers to access sensitive router components.
network
low complexity
milesight CWE-532
7.5

2023-07-06 CVE-2023-22299 Unspecified vulnerability in Milesight Ur32L Firmware 32.3.0.5
An OS command injection vulnerability exists in the vtysh_ubus _get_fw_logs functionality of Milesight UR32L v32.3.0.5.
network
low complexity
milesight
8.8

2023-07-06 CVE-2023-22306 Unspecified vulnerability in Milesight Ur32L Firmware 32.3.0.5
An OS command injection vulnerability exists in the libzebra.so bridge_group functionality of Milesight UR32L v32.3.0.5.
network
low complexity
milesight
7.2