PT-2023-18608 · Milesight · Milesight Ur32L

Francesco Benvenuto

Publicado

2023-07-06

Atualizado

2023-07-13

CVE-2023-22659

CVSS v3.1

7.2

Alta

Vetor

AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Milesight UR32L version 32.3.0.5

Description An os command injection issue exists in the libzebra.so change hostname functionality. A specially-crafted network packet can lead to command execution. An attacker can send a sequence of requests to trigger this issue.

Recommendations For Milesight UR32L version 32.3.0.5, consider disabling the change hostname functionality in libzebra.so until a patch is available to prevent potential command execution. Restrict access to the network to minimize the risk of exploitation.

Exploit

Correção

OS Command Injection

Command Injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-78CWE-77

Identificadores relacionados

CVE-2023-22659

Produtos afetados

Milesight Ur32L

PT-2023-18608 · Milesight · Milesight Ur32L

CVE-2023-22659

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 4