What is CVE-2023-24018?

CVE-2023-24018 is a stack-based buffer overflow vulnerability in the libzebra.so.0.0.0 security_decrypt_password functionality of Milesight UR32L v32.3.0.5 firmware.

How does CVE-2023-24018 impact the affected software?

CVE-2023-24018 can be exploited by an authenticated attacker with specially crafted HTTP requests to trigger a buffer overflow in the Milesight UR32L v32.3.0.5 firmware.

What is the severity of CVE-2023-24018?

CVE-2023-24018 has a severity score of 8.8 (high).

How can I fix CVE-2023-24018?

To fix CVE-2023-24018, upgrade to a version of Milesight UR32L firmware that is not affected by this vulnerability.

Where can I find more information about CVE-2023-24018?

More information about CVE-2023-24018 can be found at the following link: [https://talosintelligence.com/vulnerability_reports/TALOS-2023-1715]

Vulnerability/
CVE-2023-24018

high

8.8

CWE

787 121 119

6/7/2023

2/8/2024

CVE-2023-24018: Buffer Overflow

First published: Thu Jul 06 2023(Updated: )

A stack-based buffer overflow vulnerability exists in the libzebra.so.0.0.0 security_decrypt_password functionality of Milesight UR32L v32.3.0.5. A specially crafted HTTP request can lead to a buffer overflow. An authenticated attacker can send an HTTP request to trigger this vulnerability.

Credit: talos-cna@cisco.com talos-cna@cisco.com

Affected Software	Affected Version	How to fix
Milesight Ur-32l Firmware	=32.3.0.5
Milesight Ur-32l
Milesight Ur32l Firmware	=32.3.0.5
Milesight UR32L

Never miss a vulnerability like this again

Reference Links

https://talosintelligence.com/vulnerability_reports/TALOS-2023-1715

Frequently Asked Questions

What is CVE-2023-24018?
CVE-2023-24018 is a stack-based buffer overflow vulnerability in the libzebra.so.0.0.0 security_decrypt_password functionality of Milesight UR32L v32.3.0.5 firmware.
How does CVE-2023-24018 impact the affected software?
CVE-2023-24018 can be exploited by an authenticated attacker with specially crafted HTTP requests to trigger a buffer overflow in the Milesight UR32L v32.3.0.5 firmware.
What is the severity of CVE-2023-24018?
CVE-2023-24018 has a severity score of 8.8 (high).
How can I fix CVE-2023-24018?
To fix CVE-2023-24018, upgrade to a version of Milesight UR32L firmware that is not affected by this vulnerability.
Where can I find more information about CVE-2023-24018?
More information about CVE-2023-24018 can be found at the following link: [https://talosintelligence.com/vulnerability_reports/TALOS-2023-1715]

collector/nvd-index
agent/author
agent/type
agent/softwarecombine
agent/references
agent/weakness
agent/description
collector/nvd-api
agent/software-canonical-lookup-request
agent/severity
agent/event
agent/tags
agent/first-publish-date
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/source
vendor/milesight
canonical/milesight ur-32l firmware
version/milesight ur-32l firmware/32.3.0.5
canonical/milesight ur-32l
canonical/milesight ur32l firmware
version/milesight ur32l firmware/32.3.0.5
canonical/milesight ur32l

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.