Buffer Overflow Vulnerability in Milesight UR32L Product
CVE-2023-24019

8.1 HIGH

Key Information:

Vendor

Milesight

Status
Vendor
CVE Published:
6 July 2023

What is CVE-2023-24019?

A stack-based buffer overflow vulnerability has been identified in the http_connection_readcb function of the Milesight UR32L firmware version 32.3.0.5. An attacker who can reach the device over the network can send specially crafted packets that trigger the overflow. Successful exploitation may allow unauthorized actions on the device, affecting the confidentiality, integrity and availability of the affected system. Users are urged to review their systems and implement necessary mitigations to protect against potential exploits.

Affected Version(s)

UR32L v32.3.0.5

References

CVSS V3.1

Score: 8.1
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Discovered by Francesco Benvenuto of Cisco Talos.