ID

VAR-202405-0009


CVE

CVE-2023-47166


TITLE

Authorization vulnerability in Milesight Technology ur32l firmware

Trust: 0.8

sources: JVNDB: JVNDB-2023-028449

DESCRIPTION

A firmware update vulnerability exists in the luci2-io file-import functionality of Milesight UR32L v32.3.0.7-r2. A specially crafted network request can lead to arbitrary firmware update. An attacker can send a network request to trigger this vulnerability. The Milesight Technology ur32l firmware contains an authorization vulnerability. Information may be obtained, information may be tampered with, and a denial-of-service (DoS) condition may result.

Trust: 1.62

sources: NVD: CVE-2023-47166 // JVNDB: JVNDB-2023-028449

AFFECTED PRODUCTS

vendor: milesight, model: ur32l, scope: eq, version: ur32l firmware 32.3.0.7-r2

Trust: 0.8

vendor: milesight, model: ur32l, scope: -, version: -

Trust: 0.8

vendor: milesight, model: ur32l, scope: eq, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2023-028449

CVSS

SEVERITY

CVSSV2

CVSSV3

talos-cna@cisco.com: CVE-2023-47166
value: HIGH

Trust: 1.0

OTHER: JVNDB-2023-028449
value: HIGH

Trust: 0.8

talos-cna@cisco.com: CVE-2023-47166
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

OTHER: JVNDB-2023-028449
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2023-028449 // NVD: CVE-2023-47166

PROBLEMTYPE DATA

problemtype: CWE-285

Trust: 1.0

problemtype: Inappropriate authorization (CWE-285) [others]

Trust: 0.8

problemtype: Lack of authentication for critical features (CWE-306) [NVD evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2023-028449 // NVD: CVE-2023-47166

EXTERNAL IDS

db: NVD, id: CVE-2023-47166

Trust: 2.6

db: TALOS, id: TALOS-2023-1852

Trust: 1.8

db: JVNDB, id: JVNDB-2023-028449

Trust: 0.8

sources: JVNDB: JVNDB-2023-028449 // NVD: CVE-2023-47166

REFERENCES

url: https://talosintelligence.com/vulnerability_reports/talos-2023-1852

Trust: 1.8

url: https://nvd.nist.gov/vuln/detail/cve-2023-47166

Trust: 0.8

sources: JVNDB: JVNDB-2023-028449 // NVD: CVE-2023-47166

SOURCES

db: JVNDB, id: JVNDB-2023-028449
db: NVD, id: CVE-2023-47166

LAST UPDATE DATE

2025-03-23T23:39:19.862000+00:00


SOURCES UPDATE DATE

db: JVNDB, id: JVNDB-2023-028449, date: 2025-03-21T08:38:00
db: NVD, id: CVE-2023-47166, date: 2024-05-01T19:50:25.633

SOURCES RELEASE DATE

db: JVNDB, id: JVNDB-2023-028449, date: 2025-03-21T00:00:00
db: NVD, id: CVE-2023-47166, date: 2024-05-01T16:15:06.807