CVE-2023-24018

Name of the Vulnerable Software and Affected Versions Milesight UR32L version 32.3.0.5

Description A stack-based buffer overflow issue exists in the security decrypt password functionality of the libzebra.so.0.0.0 library. This can be triggered by a specially crafted HTTP request, potentially leading to a buffer overflow. An authenticated attacker can exploit this by sending a crafted HTTP request.

Recommendations For Milesight UR32L version 32.3.0.5, consider restricting access to the security decrypt password functionality until a patch is available. As a temporary workaround, limit the ability to send specially crafted HTTP requests to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.