Buffer Overflow Vulnerabilities in Milesight UR32L Product
CVE-2023-25086

7.2HIGH

Key Information:

Vendor: Milesight
Status: Ur32l
Vendor: CVE Published:; 6 July 2023

What is CVE-2023-25086?

Multiple buffer overflow vulnerabilities exist within the vtysh_ubus binary of the Milesight UR32L product due to the improper use of a risky sprintf pattern. An attacker with elevated privileges could exploit this flaw by crafting an HTTP request that triggers arbitrary code execution. Specifically, the vulnerability arises in the firewall_handler_set function, where the index and dport variables are mishandled, potentially allowing unauthorized access and execution of malicious code.

Affected Version(s)

UR32L v32.3.0.5

References

https://talosintelligence.com/vulnerability_reports/TALOS...

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 6, 2023
Vulnerability Reserved
Feb 2, 2023

Credit

Discovered by Francesco Benvenuto of Cisco Talos.

CVE-2023-25086 Data

JSON