CVE-2023-24519

Name of the Vulnerable Software and Affected Versions Milesight UR32L version 32.3.0.5

Description A command injection issue exists in the vtysh ubus tool's toolsh excute.constprop.1 functionality, specifically within the ping tool utility. This allows an attacker to execute commands by sending a specially crafted network request. The vulnerability can be triggered by an attacker sending a network request.

Recommendations For Milesight UR32L version 32.3.0.5, consider disabling the vtysh ubus tool's toolsh excute.constprop.1 functionality or restricting access to the ping tool utility until a patch is available. Avoid using the ping tool utility in the affected version to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.