CVE-2023-22365

Name of the Vulnerable Software and Affected Versions Milesight UR32L version 32.3.0.5

Description A command injection issue exists in the check system user functionality of the ys thirdparty module. This can be triggered by a specially crafted set of network packets, potentially leading to command execution. An attacker can exploit this by sending a malicious network request.

Recommendations For Milesight UR32L version 32.3.0.5, consider restricting access to the ys thirdparty module and its check system user functionality until a patch is available. As a temporary workaround, network traffic should be closely monitored for suspicious activity. At the moment, there is no information about a newer version that contains a fix for this vulnerability.