High

DATE	CVE	VULNERABILITY TITLE	RISK
2023-07-06	CVE-2023-23907	Path Traversal vulnerability in Milesight Milesightvpn 2.0.2 A directory traversal vulnerability exists in the server.js start functionality of Milesight VPN v2.0.2. network low complexity milesight CWE-22	7.5
2023-07-06	CVE-2023-24018	Out-of-bounds Write vulnerability in Milesight Ur32L Firmware 32.3.0.5 A stack-based buffer overflow vulnerability exists in the libzebra.so.0.0.0 security_decrypt_password functionality of Milesight UR32L v32.3.0.5. network low complexity milesight CWE-787	8.8
2023-07-06	CVE-2023-24019	Classic Buffer Overflow vulnerability in Milesight Ur32L Firmware 32.3.0.5 A stack-based buffer overflow vulnerability exists in the urvpn_client http_connection_readcb functionality of Milesight UR32L v32.3.0.5. network high complexity milesight CWE-120	8.1
2023-07-06	CVE-2023-24519	OS Command Injection vulnerability in Milesight Ur32L Firmware 32.3.0.5 Two OS command injection vulnerability exist in the vtysh_ubus toolsh_excute.constprop.1 functionality of Milesight UR32L v32.3.0.5. network low complexity milesight CWE-78	8.8
2023-07-06	CVE-2023-24520	OS Command Injection vulnerability in Milesight Ur32L Firmware 32.3.0.5 Two OS command injection vulnerability exist in the vtysh_ubus toolsh_excute.constprop.1 functionality of Milesight UR32L v32.3.0.5. network low complexity milesight CWE-78	8.8
2023-07-06	CVE-2023-24582	OS Command Injection vulnerability in Milesight Ur32L Firmware 32.3.0.5 Two OS command injection vulnerabilities exist in the urvpn_client cmd_name_action functionality of Milesight UR32L v32.3.0.5. network low complexity milesight CWE-78	8.8
2023-07-06	CVE-2023-24583	Command Injection vulnerability in Milesight Ur32L Firmware 32.3.0.5 Two OS command injection vulnerabilities exist in the urvpn_client cmd_name_action functionality of Milesight UR32L v32.3.0.5. network low complexity milesight CWE-77	8.8
2023-07-06	CVE-2023-24595	OS Command Injection vulnerability in Milesight Ur32L Firmware 32.3.0.5 An OS command injection vulnerability exists in the ys_thirdparty system_user_script functionality of Milesight UR32L v32.3.0.5. network low complexity milesight CWE-78	7.2
2023-07-06	CVE-2023-25081	Out-of-bounds Write vulnerability in Milesight Ur32L Firmware 32.3.0.5 Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. network low complexity milesight CWE-787	7.2
2023-07-06	CVE-2023-25082	Out-of-bounds Write vulnerability in Milesight Ur32L Firmware 32.3.0.5 Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. network low complexity milesight CWE-787	7.2