CVE-2023-25583: OS Command Injection
First published: Thu Jul 06 2023(Updated: )
Two OS command injection vulnerabilities exist in the zebra vlan_name functionality of Milesight UR32L v32.3.0.5. A specially crafted network request can lead to command execution. An attacker can send a network request to trigger these vulnerabilities.This command injection is in the code branch that manages a new vlan configuration.
Credit: talos-cna@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Milesight Ur32l Firmware | =32.3.0.5 | |
| Milesight UR32L |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID for the two OS command injection vulnerabilities?
The vulnerability ID for the two OS command injection vulnerabilities is CVE-2023-25583.
What is the affected software for the two OS command injection vulnerabilities?
The affected software for the two OS command injection vulnerabilities is Milesight UR32L v32.3.0.5.
What is the severity of CVE-2023-25583?
The severity of CVE-2023-25583 is high (CVSS score: 7.2).
How can these vulnerabilities be exploited?
These vulnerabilities can be exploited by sending a specially crafted network request to the zebra vlan_name functionality.
What is the recommended fix for CVE-2023-25583?
To fix CVE-2023-25583, it is recommended to update Milesight UR32L firmware to version 32.3.0.6 or later.
- collector/nvd-index
- agent/references
- agent/weakness
- agent/severity
- agent/author
- agent/description
- agent/type
- agent/event
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/milesight
- canonical/milesight ur32l firmware
- version/milesight ur32l firmware/32.3.0.5
- canonical/milesight ur32l