PT-2023-4165 · Milesight · Milesight UR32L
Francesco Benvenuto · Published 2023-07-06 · Updated 2023-08-06 · CVE-2023-23902
| CVSS v2.0 | 10 (Critical) |
| Vector | AV:N/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Milesight UR32L version 32.3.0.5
Description
A buffer overflow vulnerability exists in the uhttpd login functionality. An attacker can trigger it by sending a specially crafted network request, which allows remote code execution.
Recommendations
To prevent remote code execution on Milesight UR32L version 32.3.0.5, consider disabling the uhttpd login functionality until a patch is available. Restrict access to the login functionality to minimize the risk of exploitation.
Exploit
Fix
Stack Overflow
Weakness Enumeration
Related Identifiers
Affected Products
Milesight UR32L