VARIoT IoT vulnerabilities database
| VAR-202307-0275 | CVE-2023-24520 | OS command injection vulnerability in Milesight Technology ur32l firmware |
CVSS V2: 10.0 CVSS V3: 8.8 Severity: HIGH |
Two OS command injection vulnerabilities exist in the vtysh_ubus toolsh_excute.constprop.1 functionality of Milesight UR32L v32.3.0.5. A specially crafted network request can lead to command execution. An attacker can send a network request to trigger these vulnerabilities. This command injection is in the trace tool utility. A denial-of-service (DoS) condition may result. Milesight UR32L is a 4G industrial router produced by China Milesight.
| VAR-202307-0253 | CVE-2023-23546 | Certificate validation vulnerability in Milesight Technology ur32l firmware |
CVSS V2: 4.0 CVSS V3: 8.1 Severity: HIGH |
A misconfiguration vulnerability exists in the urvpn_client functionality of Milesight UR32L v32.3.0.5. A specially crafted man-in-the-middle attack can lead to increased privileges. An attacker can perform a man-in-the-middle attack to trigger this vulnerability. A certificate validation vulnerability exists in Milesight Technology ur32l firmware. Information may be obtained or tampered with, and a denial-of-service (DoS) condition may result. Milesight UR32L is a 4G industrial router produced by China Milesight.
| VAR-202307-0127 | CVE-2023-25108 | Out-of-bounds write vulnerability in Milesight Technology ur32l firmware |
CVSS V2: 8.3 CVSS V3: 7.2 Severity: HIGH |
Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities. This buffer overflow occurs in the set_gre function with the remote_ip variable. An out-of-bounds write vulnerability exists in Milesight Technology ur32l firmware. Information may be obtained or tampered with, and a denial-of-service (DoS) condition may result. Milesight UR32L is a 4G industrial router produced by China Milesight.
| VAR-202307-0252 | CVE-2023-23902 | Stack-based buffer overflow vulnerability in Milesight Technology ur32l firmware |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
A buffer overflow vulnerability exists in the uhttpd login functionality of Milesight UR32L v32.3.0.5. A specially crafted network request can lead to remote code execution. An attacker can send a network request to trigger this vulnerability. A denial-of-service (DoS) condition may result. Milesight UR32L is a 4G industrial router produced by China Milesight.
| VAR-202307-0165 | CVE-2023-25109 | Out-of-bounds write vulnerability in Milesight Technology ur32l firmware |
CVSS V2: 8.3 CVSS V3: 7.2 Severity: HIGH |
Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities. This buffer overflow occurs in the set_gre function with the local_ip variable. An out-of-bounds write vulnerability exists in Milesight Technology ur32l firmware. Information may be obtained or tampered with, and a denial-of-service (DoS) condition may result. Milesight UR32L is a 4G industrial router produced by China Milesight.
| VAR-202307-0210 | CVE-2023-23550 | OS command injection vulnerability in Milesight Technology ur32l firmware |
CVSS V2: 8.3 CVSS V3: 7.2 Severity: HIGH |
An OS command injection vulnerability exists in the ys_thirdparty user_delete functionality of Milesight UR32L v32.3.0.5. A specially crafted network packet can lead to command execution. An attacker can send a sequence of requests to trigger this vulnerability. A denial-of-service (DoS) condition may result. Milesight UR32L is a 4G industrial router produced by China Milesight.
| VAR-202307-0190 | CVE-2023-22299 | OS command injection vulnerability in Milesight Technology ur32l firmware |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: HIGH |
An OS command injection vulnerability exists in the vtysh_ubus _get_fw_logs functionality of Milesight UR32L v32.3.0.5. A specially crafted network request can lead to command execution. An attacker can send a network request to trigger this vulnerability. A denial-of-service (DoS) condition may result. Milesight UR32L is a 4G industrial router produced by China Milesight.
| VAR-202307-0389 | CVE-2023-25583 | OS command injection vulnerability in Milesight Technology ur32l firmware |
CVSS V2: 8.3 CVSS V3: 7.2 Severity: HIGH |
Two OS command injection vulnerabilities exist in the zebra vlan_name functionality of Milesight UR32L v32.3.0.5. A specially crafted network request can lead to command execution. An attacker can send a network request to trigger these vulnerabilities. This command injection is in the code branch that manages a new vlan configuration. An OS command injection vulnerability exists in Milesight Technology ur32l firmware. Information may be obtained or tampered with, and a denial-of-service (DoS) condition may result. Milesight UR32L is a Lite industrial cellular router from Milesight.
| VAR-202307-0211 | CVE-2023-23547 | Path traversal vulnerability in Milesight Technology ur32l firmware |
CVSS V2: 6.8 CVSS V3: 6.5 Severity: MEDIUM |
A directory traversal vulnerability exists in the luci2-io file-export mib functionality of Milesight UR32L v32.3.0.5. A specially crafted network request can lead to arbitrary file read. An attacker can send a network request to trigger this vulnerability. Milesight UR32L is a 4G industrial router produced by China Milesight.
There is a directory traversal vulnerability in the Milesight UR32L, which can be exploited by an attacker to view arbitrary files on the system by sending a specially crafted URL request containing the "dot dot" sequence (/../).
| VAR-202307-0168 | CVE-2023-25101 | Out-of-bounds write vulnerability in Milesight Technology ur32l firmware |
CVSS V2: 8.3 CVSS V3: 7.2 Severity: HIGH |
Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities. This buffer overflow occurs in the set_dmvpn function with the gre_key variable. An out-of-bounds write vulnerability exists in Milesight Technology ur32l firmware. Information may be obtained or tampered with, and a denial-of-service (DoS) condition may result. Milesight UR32L is an industrial router produced by China Milesight.
| VAR-202307-0167 | CVE-2023-25090 | Out-of-bounds write vulnerability in Milesight Technology ur32l firmware |
CVSS V2: 8.3 CVSS V3: 7.2 Severity: HIGH |
Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities. This buffer overflow occurs in the handle_interface_acl function with the interface and in_acl variables. An out-of-bounds write vulnerability exists in Milesight Technology ur32l firmware. Information may be obtained or tampered with, and a denial-of-service (DoS) condition may result. Milesight UR32L is a 4G industrial router produced by China Milesight.
| VAR-202307-0369 | CVE-2023-24595 | OS command injection vulnerability in Milesight Technology ur32l firmware |
CVSS V2: 8.3 CVSS V3: 7.2 Severity: HIGH |
An OS command injection vulnerability exists in the ys_thirdparty system_user_script functionality of Milesight UR32L v32.3.0.5. A specially crafted series of network requests can lead to command execution. An attacker can send a sequence of requests to trigger this vulnerability. A denial-of-service (DoS) condition may result. Milesight UR32L is a 4G industrial router produced by China Milesight. Attackers can use this vulnerability to execute arbitrary commands on the system.
| VAR-202307-0171 | CVE-2023-24019 | Classic buffer overflow vulnerability in Milesight Technology ur32l firmware |
CVSS V2: 7.6 CVSS V3: 8.1 Severity: HIGH |
A stack-based buffer overflow vulnerability exists in the urvpn_client http_connection_readcb functionality of Milesight UR32L v32.3.0.5. A specially crafted network packet can lead to a buffer overflow. An attacker can send a malicious packet to trigger this vulnerability. Milesight Technology ur32l firmware has a classic buffer overflow vulnerability. Information may be obtained or tampered with, and a denial-of-service (DoS) condition may result. Milesight UR32L is a 4G industrial router produced by China Milesight.
| VAR-202307-0363 | CVE-2023-30678 | Path traversal vulnerability in Samsung's calendar |
CVSS V2: - CVSS V3: 5.5 Severity: MEDIUM |
Potential zip path traversal vulnerability in Calendar application prior to version 12.4.07.15 in Android 13 allows attackers to write arbitrary files. A path traversal vulnerability exists in Samsung's calendar. Information may be tampered with.
| VAR-202307-0132 | CVE-2023-25087 | Out-of-bounds write vulnerability in Milesight Technology ur32l firmware |
CVSS V2: 9.0 CVSS V3: 7.2 Severity: HIGH |
Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities. This buffer overflow occurs in the firewall_handler_set function with the index and to_dport variables. An out-of-bounds write vulnerability exists in Milesight Technology ur32l firmware. Information may be obtained or tampered with, and a denial-of-service (DoS) condition may result. Milesight UR32L is a 4G industrial router produced by China Milesight.
There is a buffer overflow vulnerability in the Milesight UR32L firewall_handler_set function, caused by an incorrect boundary check in that function. An authenticated remote attacker could exploit this vulnerability to overflow a buffer and execute arbitrary code on the system, or cause an application to crash.
| VAR-202307-0149 | CVE-2023-25086 | Out-of-bounds write vulnerability in Milesight Technology ur32l firmware |
CVSS V2: 9.0 CVSS V3: 7.2 Severity: HIGH |
Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities. This buffer overflow occurs in the firewall_handler_set function with the index and dport variables. An out-of-bounds write vulnerability exists in Milesight Technology ur32l firmware. Information may be obtained or tampered with, and a denial-of-service (DoS) condition may result. Milesight UR32L is a 4G industrial router produced by China Milesight.
There is a buffer overflow vulnerability in the Milesight UR32L firewall_handler_set function, caused by an incorrect boundary check in that function. An authenticated remote attacker could exploit this vulnerability to overflow a buffer and execute arbitrary code on the system, or cause an application to crash.
| VAR-202307-0134 | CVE-2023-25085 | Out-of-bounds write vulnerability in Milesight Technology ur32l firmware |
CVSS V2: 9.0 CVSS V3: 7.2 Severity: HIGH |
Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities. This buffer overflow occurs in the firewall_handler_set function with the index and to_dst variables. An out-of-bounds write vulnerability exists in Milesight Technology ur32l firmware. Information may be obtained or tampered with, and a denial-of-service (DoS) condition may result. Milesight UR32L is a 4G industrial router produced by China Milesight.
There is a buffer overflow vulnerability in the Milesight UR32L firewall_handler_set function, caused by an incorrect boundary check in that function. An authenticated remote attacker could exploit this vulnerability to overflow a buffer and execute arbitrary code on the system, or cause an application to crash.
| VAR-202307-0209 | CVE-2023-24018 | Out-of-bounds write vulnerability in Milesight Technology ur32l firmware |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: HIGH |
A stack-based buffer overflow vulnerability exists in the libzebra.so.0.0.0 security_decrypt_password functionality of Milesight UR32L v32.3.0.5. A specially crafted HTTP request can lead to a buffer overflow. An authenticated attacker can send an HTTP request to trigger this vulnerability. An out-of-bounds write vulnerability exists in Milesight Technology ur32l firmware. Information may be obtained or tampered with, and a denial-of-service (DoS) condition may result. Milesight UR32L is a 4G industrial router produced by China Milesight.
| VAR-202307-0170 | CVE-2023-25083 | Out-of-bounds write vulnerability in Milesight Technology ur32l firmware |
CVSS V2: 9.0 CVSS V3: 7.2 Severity: HIGH |
Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities. This buffer overflow occurs in the firewall_handler_set function with the ip and mac variables. An out-of-bounds write vulnerability exists in Milesight Technology ur32l firmware. Information may be obtained or tampered with, and a denial-of-service (DoS) condition may result. Milesight UR32L is an industrial router produced by China Milesight.
There is a buffer overflow vulnerability in the Milesight UR32L firewall_handler_set function, caused by an incorrect boundary check in that function. An authenticated remote attacker could exploit this vulnerability to overflow a buffer and execute arbitrary code on the system, or cause an application to crash.
| VAR-202307-0154 | CVE-2023-25088 | Out-of-bounds write vulnerability in Milesight Technology ur32l firmware |
CVSS V2: 9.0 CVSS V3: 7.2 Severity: HIGH |
Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities. This buffer overflow occurs in the firewall_handler_set function with the index and description variables. An out-of-bounds write vulnerability exists in Milesight Technology ur32l firmware. Information may be obtained or tampered with, and a denial-of-service (DoS) condition may result. Milesight UR32L is a 4G industrial router produced by China Milesight.
There is a buffer overflow vulnerability in the Milesight UR32L firewall_handler_set function, caused by an incorrect boundary check in that function. An authenticated remote attacker could exploit this vulnerability to overflow a buffer and execute arbitrary code on the system, or cause an application to crash.