Vulnerabilities > Milesight > High

DATE CVE VULNERABILITY TITLE RISK
2023-10-04 CVE-2023-43261 Information Exposure Through Log Files vulnerability in Milesight products
An information disclosure in Milesight UR5X, UR32L, UR32, UR35, UR41 before v35.3.0.7 allows attackers to access sensitive router components.
network
low complexity
milesight CWE-532
7.5
7.5
2023-07-06 CVE-2023-22299 OS Command Injection vulnerability in Milesight Ur32L Firmware 32.3.0.5
An OS command injection vulnerability exists in the vtysh_ubus _get_fw_logs functionality of Milesight UR32L v32.3.0.5.
network
low complexity
milesight CWE-78
8.8
8.8
2023-07-06 CVE-2023-22306 Command Injection vulnerability in Milesight Ur32L Firmware 32.3.0.5
An OS command injection vulnerability exists in the libzebra.so bridge_group functionality of Milesight UR32L v32.3.0.5.
network
low complexity
milesight CWE-77
7.2
7.2
2023-07-06 CVE-2023-22365 OS Command Injection vulnerability in Milesight Ur32L Firmware 32.3.0.5
An OS command injection vulnerability exists in the ys_thirdparty check_system_user functionality of Milesight UR32L v32.3.0.5.
network
low complexity
milesight CWE-78
7.2
7.2
2023-07-06 CVE-2023-22371 OS Command Injection vulnerability in Milesight Milesightvpn 2.0.2
An os command injection vulnerability exists in the liburvpn.so create_private_key functionality of Milesight VPN v2.0.2.
network
high complexity
milesight CWE-78
8.1
8.1
2023-07-06 CVE-2023-22653 OS Command Injection vulnerability in Milesight Ur32L Firmware 32.3.0.5
An OS command injection vulnerability exists in the vtysh_ubus tcpdump_start_cb functionality of Milesight UR32L v32.3.0.5.
network
low complexity
milesight CWE-78
8.8
8.8
2023-07-06 CVE-2023-22659 OS Command Injection vulnerability in Milesight Ur32L Firmware 32.3.0.5
An os command injection vulnerability exists in the libzebra.so change_hostname functionality of Milesight UR32L v32.3.0.5.
network
low complexity
milesight CWE-78
7.2
7.2
2023-07-06 CVE-2023-23546 Improper Certificate Validation vulnerability in Milesight Ur32L Firmware 32.3.0.5
A misconfiguration vulnerability exists in the urvpn_client functionality of Milesight UR32L v32.3.0.5.
network
high complexity
milesight CWE-295
8.1
8.1
2023-07-06 CVE-2023-23550 OS Command Injection vulnerability in Milesight Ur32L Firmware 32.3.0.5
An OS command injection vulnerability exists in the ys_thirdparty user_delete functionality of Milesight UR32L v32.3.0.5.
network
low complexity
milesight CWE-78
7.2
7.2
2023-07-06 CVE-2023-23571 Buffer Over-read vulnerability in Milesight Ur32L Firmware 32.3.0.5
An access violation vulnerability exists in the eventcore functionality of Milesight UR32L v32.3.0.5.
network
low complexity
milesight CWE-126
7.5
7.5