Multiple Buffer Overflow Vulnerabilities in Milesight UR32L Firewall Handler
CVE-2023-25087

7.2HIGH

Key Information:

Vendor: Milesight
Status: Ur32l
Vendor: CVE Published:; 6 July 2023

What is CVE-2023-25087?

Multiple buffer overflow vulnerabilities affect the vtysh_ubus binary in the Milesight UR32L version 32.3.0.5. These vulnerabilities arise from using an unsafe sprintf pattern, which allows a specially crafted HTTP request to trigger arbitrary code execution. An attacker with sufficient privileges can exploit these vulnerabilities by sending malicious HTTP requests that target the firewall_handler_set function, specifically with the index and to_dport variables. Proper mitigation measures should be taken to safeguard against such attacks to protect the integrity of the affected system.

Affected Version(s)

UR32L v32.3.0.5

References

https://talosintelligence.com/vulnerability_reports/TALOS...

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 6, 2023
Vulnerability Reserved
Feb 2, 2023

Credit

Discovered by Francesco Benvenuto of Cisco Talos.

CVE-2023-25087 Data

JSON