CVE-2023-25582: OS Command Injection
First published: Thu Jul 06 2023(Updated: )
Two OS command injection vulnerabilities exist in the zebra vlan_name functionality of Milesight UR32L v32.3.0.5. A specially crafted network request can lead to command execution. An attacker can send a network request to trigger these vulnerabilities.This command injection is in the code branch that manages an already existing vlan configuration.
Credit: talos-cna@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Milesight Ur32l Firmware | =32.3.0.5 | |
| Milesight UR32L |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID for the OS command injection in Milesight UR32L v32.3.0.5?
The vulnerability ID for the OS command injection in Milesight UR32L v32.3.0.5 is CVE-2023-25582.
What is the severity rating of CVE-2023-25582?
CVE-2023-25582 has a severity rating of 7.2, which is considered high.
What is affected by CVE-2023-25582?
CVE-2023-25582 affects Milesight UR32L v32.3.0.5 firmware.
How can an attacker exploit CVE-2023-25582?
An attacker can exploit CVE-2023-25582 by sending a specially crafted network request to trigger the OS command injection vulnerabilities in Milesight UR32L v32.3.0.5.
Is Milesight UR32L v32.3.0.5 vulnerable to CVE-2023-25582?
Yes, Milesight UR32L v32.3.0.5 is vulnerable to CVE-2023-25582.
- collector/nvd-index
- agent/weakness
- agent/type
- agent/softwarecombine
- agent/references
- agent/author
- agent/severity
- agent/tags
- agent/first-publish-date
- agent/event
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- vendor/milesight
- canonical/milesight ur32l firmware
- version/milesight ur32l firmware/32.3.0.5
- canonical/milesight ur32l