CVE-2023-24520

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Milesight UR32L version 32.3.0.5

Description A command injection issue exists in the vtysh ubus toolsh excute.constprop.1 functionality. This allows an attacker to execute commands by sending a specially-crafted network request to the trace tool utility.

Recommendations For Milesight UR32L version 32.3.0.5, consider disabling the vtysh ubus toolsh excute.constprop.1 functionality until a patch is available to prevent command execution. Restrict access to the trace tool utility to minimize the risk of exploitation.

Exploit

Fix

OS Command Injection

Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-78CWE-77

Related Identifiers

CVE-2023-24520

Affected Products

Milesight Ur32L

CVE-2023-24520

Weakness Enumeration

Related Identifiers

Affected Products

References · 5