Vuldb Updates

A vulnerability, which was classified as critical, was found in Milesight UR32L 32.3.0.5. Affected by this vulnerability is the function set_ike_profile of the file vtysh_ubus of the component HTTP Request Handler. Executing manipulation of the argument username/password can lead to stack-based buffer overflow. This vulnerability is registered as CVE-2023-25104. It is possible to launch the attack remotely. Furthermore, an exploit is available.

A vulnerability was found in Milesight UR32L 32.3.0.5 and classified as critical. This affects the function set_openvpn_client of the file vtysh_ubus of the component HTTP Request Handler. The manipulation of the argument remote_virtual_ip results in stack-based buffer overflow. This vulnerability is reported as CVE-2023-25116. The attack can be launched remotely. Moreover, an exploit is present.

A vulnerability was found in Milesight UR32L 32.3.0.5. It has been classified as critical. This vulnerability affects the function set_gre of the file vtysh_ubus of the component HTTP Request Handler. This manipulation of the argument local_virtual_ip/local_virtual_mask causes buffer overflow. This vulnerability appears as CVE-2023-25106. The attack may be initiated remotely. In addition, an exploit is available.

A vulnerability identified as critical has been detected in Milesight UR32L 32.3.0.5. Affected by this issue is the function firewall_handler_set of the file vtysh_ubus of the component HTTP Request Handler. This manipulation of the argument index/to_dport causes buffer overflow. The identification of this vulnerability is CVE-2023-25087. The attack needs to be done within the local network. Furthermore, there is an exploit available.

A vulnerability labeled as critical has been found in Milesight UR32L 32.3.0.5. This affects the function firewall_handler_set of the file vtysh_ubus of the component HTTP Request Handler. Such manipulation of the argument index/description leads to stack-based buffer overflow. This vulnerability is referenced as CVE-2023-25088. It is possible to launch the attack remotely. Furthermore, an exploit is available.

A vulnerability marked as critical has been reported in Milesight UR32L 32.3.0.5. This vulnerability affects the function handle_interface_acl of the component HTTP Request Handler. Performing manipulation of the argument interface results in buffer overflow. This vulnerability is identified as CVE-2023-25089. The attack can be initiated remotely. Additionally, an exploit exists.

A vulnerability described as critical has been identified in Milesight UR32L 32.3.0.5. This issue affects the function handle_interface_acl of the file vtysh_ubus of the component HTTP Request Handler. Executing manipulation of the argument interface can lead to buffer overflow. This vulnerability is tracked as CVE-2023-25091. The attack can be launched remotely. Moreover, an exploit is present.

A vulnerability classified as critical has been found in Milesight UR32L 32.3.0.5. Impacted is the function handle_interface_acl of the file vtysh_ubus of the component HTTP Request Handler. The manipulation of the argument interface/out_acl leads to buffer overflow. This vulnerability is listed as CVE-2023-25092. The attack may be initiated remotely. In addition, an exploit is available.

A vulnerability classified as critical was found in Milesight UR32L 32.3.0.5. The affected element is the function handle_interface_acl of the file vtysh_ubus of the component HTTP Request Handler. The manipulation of the argument interface/in_acl results in buffer overflow. This vulnerability is cataloged as CVE-2023-25090. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as critical, has been found in Milesight UR32L 32.3.0.5. The impacted element is the function set_qos of the file vtysh_ubus of the component HTTP Request Handler. This manipulation of the argument class_name causes buffer overflow. This vulnerability is registered as CVE-2023-25093. Remote exploitation of the attack is possible. Furthermore, an exploit is available.

A vulnerability, which was classified as critical, was found in Milesight UR32L 32.3.0.5. This affects the function into_class_node of the file vtysh_ubus of the component HTTP Request Handler. Such manipulation of the argument old_class_name leads to buffer overflow. This vulnerability is documented as CVE-2023-25094. The attack can be executed remotely. Additionally, an exploit exists.

A vulnerability has been found in Milesight UR32L 32.3.0.5 and classified as critical. This impacts the function set_qos of the file vtysh_ubus of the component HTTP Request Handler. Performing manipulation of the argument rule_name results in stack-based buffer overflow. This vulnerability is reported as CVE-2023-25095. The attack is possible to be carried out remotely. Moreover, an exploit is present.

A vulnerability was found in Milesight UR32L 32.3.0.5 and classified as critical. Affected is the function set_qos of the file vtysh_ubus of the component HTTP Request Handler. Executing manipulation of the argument rule_name can lead to stack-based buffer overflow. This vulnerability appears as CVE-2023-25096. The attack may be performed from remote. In addition, an exploit is available.

A vulnerability was found in Milesight UR32L 32.3.0.5. It has been classified as critical. Affected by this vulnerability is the function set_qos of the file vtysh_ubus of the component HTTP Request Handler. The manipulation of the argument attach_class leads to buffer overflow. This vulnerability is traded as CVE-2023-25097. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability described as critical has been identified in Milesight UR32L 32.3.0.5. Affected by this issue is the function toolsh_excute.constprop.1 of the file vtysh_ubus of the component Network Request Handler. Such manipulation leads to command injection. This vulnerability is listed as CVE-2023-24519. The attack may be performed from remote. In addition, an exploit is available.

A vulnerability classified as critical has been found in Milesight UR32L 32.3.0.5. This affects the function toolsh_excute.constprop.1 of the file vtysh_ubus of the component Network Request Handler. Performing manipulation results in os command injection. This vulnerability is cataloged as CVE-2023-24520. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability classified as critical was found in Milesight UR32L up to 32.3.0.5. This vulnerability affects the function cmd_name_action of the file urvpn_client of the component Network Request Handler. Executing manipulation can lead to os command injection. This vulnerability is registered as CVE-2023-24582. It is possible to launch the attack remotely. Furthermore, an exploit is available.

A vulnerability, which was classified as critical, has been found in Milesight UR32L 32.3.0.5. This issue affects the function cmd_name_action of the file urvpn_client of the component Network Request Handler. The manipulation leads to os command injection. This vulnerability is documented as CVE-2023-24583. The attack can be initiated remotely. Additionally, an exploit exists.

A vulnerability has been found in Milesight UR32L 32.3.0.5 and classified as critical. The affected element is the function firewall_handler_set of the file vtysh_ubus of the component HTTP Request Handler. This manipulation of the argument old_ip/old_mac causes stack-based buffer overflow. This vulnerability appears as CVE-2023-25082. The attack may be initiated remotely. In addition, an exploit is available.

A vulnerability was found in Milesight UR32L 32.3.0.5 and classified as critical. The impacted element is the function firewall_handler_set of the file vtysh_ubus of the component HTTP Request Handler. Such manipulation of the argument src/dmz leads to buffer overflow. This vulnerability is traded as CVE-2023-25081. The attack may be launched remotely. Furthermore, there is an exploit available.