Vulnerabilities > Milesight > Ur32L Firmware

DATE CVE VULNERABILITY TITLE RISK
2023-07-06 CVE-2023-23571 Unspecified vulnerability in Milesight Ur32L Firmware 32.3.0.5
An access violation vulnerability exists in the eventcore functionality of Milesight UR32L v32.3.0.5.
network
low complexity
milesight
7.5
2023-07-06 CVE-2023-23902 Unspecified vulnerability in Milesight Ur32L Firmware 32.3.0.5
A buffer overflow vulnerability exists in the uhttpd login functionality of Milesight UR32L v32.3.0.5.
network
low complexity
milesight
critical
9.8
2023-07-06 CVE-2023-24018 Out-of-bounds Write vulnerability in Milesight Ur32L Firmware 32.3.0.5
A stack-based buffer overflow vulnerability exists in the libzebra.so.0.0.0 security_decrypt_password functionality of Milesight UR32L v32.3.0.5.
network
low complexity
milesight CWE-787
8.8
2023-07-06 CVE-2023-24019 Unspecified vulnerability in Milesight Ur32L Firmware 32.3.0.5
A stack-based buffer overflow vulnerability exists in the urvpn_client http_connection_readcb functionality of Milesight UR32L v32.3.0.5.
network
high complexity
milesight
8.1
2023-07-06 CVE-2023-24519 OS Command Injection vulnerability in Milesight Ur32L Firmware 32.3.0.5
Two OS command injection vulnerability exist in the vtysh_ubus toolsh_excute.constprop.1 functionality of Milesight UR32L v32.3.0.5.
network
low complexity
milesight CWE-78
8.8
2023-07-06 CVE-2023-24520 OS Command Injection vulnerability in Milesight Ur32L Firmware 32.3.0.5
Two OS command injection vulnerability exist in the vtysh_ubus toolsh_excute.constprop.1 functionality of Milesight UR32L v32.3.0.5.
network
low complexity
milesight CWE-78
8.8
2023-07-06 CVE-2023-24582 OS Command Injection vulnerability in Milesight Ur32L Firmware 32.3.0.5
Two OS command injection vulnerabilities exist in the urvpn_client cmd_name_action functionality of Milesight UR32L v32.3.0.5.
network
low complexity
milesight CWE-78
8.8
2023-07-06 CVE-2023-24583 Unspecified vulnerability in Milesight Ur32L Firmware 32.3.0.5
Two OS command injection vulnerabilities exist in the urvpn_client cmd_name_action functionality of Milesight UR32L v32.3.0.5.
network
low complexity
milesight
8.8
2023-07-06 CVE-2023-24595 Unspecified vulnerability in Milesight Ur32L Firmware 32.3.0.5
An OS command injection vulnerability exists in the ys_thirdparty system_user_script functionality of Milesight UR32L v32.3.0.5.
network
low complexity
milesight
7.2
2023-07-06 CVE-2023-25081 Out-of-bounds Write vulnerability in Milesight Ur32L Firmware 32.3.0.5
Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern.
network
low complexity
milesight CWE-787
7.2