CVE-2023-22306

Name of the Vulnerable Software and Affected Versions Milesight UR32L version 32.3.0.5

Description An OS command injection issue exists in the libzebra.so bridge group functionality. A specially crafted network packet can lead to command execution. An attacker can send a sequence of requests to trigger this issue.

Recommendations For Milesight UR32L version 32.3.0.5, consider restricting access to the bridge group functionality in the libzebra.so library until a patch is available. As a temporary workaround, avoid using the vulnerable functionality to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.