Search

Find a vulnerability

Search criteria

    66 vulnerabilities found for UR32L by Milesight

    VAR-202405-0009

    Vulnerability from variot - Updated: 2025-11-18 15:17

    A firmware update vulnerability exists in the luci2-io file-import functionality of Milesight UR32L v32.3.0.7-r2. A specially crafted network request can lead to arbitrary firmware update. An attacker can send a network request to trigger this vulnerability. Milesight Technology of ur32l The firmware contains an authorization vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202405-0009",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "ur32l",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "milesight",
            "version": "32.3.0.7-r2"
          },
          {
            "model": "ur32l",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "milesight",
            "version": "ur32l  firmware  32.3.0.7-r2"
          },
          {
            "model": "ur32l",
            "scope": null,
            "trust": 0.8,
            "vendor": "milesight",
            "version": null
          },
          {
            "model": "ur32l",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "milesight",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-028449"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-47166"
          }
        ]
      },
      "cve": "CVE-2023-47166",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "talos-cna@cisco.com",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2023-47166",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "OTHER",
                "availabilityImpact": "High",
                "baseScore": 8.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2023-028449",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "Low",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "talos-cna@cisco.com",
                "id": "CVE-2023-47166",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "OTHER",
                "id": "JVNDB-2023-028449",
                "trust": 0.8,
                "value": "High"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-028449"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-47166"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "A firmware update vulnerability exists in the luci2-io file-import functionality of Milesight UR32L v32.3.0.7-r2. A specially crafted network request can lead to arbitrary firmware update. An attacker can send a network request to trigger this vulnerability. Milesight Technology of ur32l The firmware contains an authorization vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2023-47166"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-028449"
          }
        ],
        "trust": 1.62
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2023-47166",
            "trust": 2.6
          },
          {
            "db": "TALOS",
            "id": "TALOS-2023-1852",
            "trust": 1.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-028449",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-028449"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-47166"
          }
        ]
      },
      "id": "VAR-202405-0009",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 0.5878378
      },
      "last_update_date": "2025-11-18T15:17:18.194000Z",
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-306",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-285",
            "trust": 1.0
          },
          {
            "problemtype": "Inappropriate authorization (CWE-285) [ others ]",
            "trust": 0.8
          },
          {
            "problemtype": " Lack of authentication for critical features (CWE-306) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-028449"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-47166"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.8,
            "url": "https://talosintelligence.com/vulnerability_reports/talos-2023-1852"
          },
          {
            "trust": 1.0,
            "url": "https://www.talosintelligence.com/vulnerability_reports/talos-2023-1852"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-47166"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-028449"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-47166"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-028449"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-47166"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-03-21T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2023-028449"
          },
          {
            "date": "2024-05-01T16:15:06.807000",
            "db": "NVD",
            "id": "CVE-2023-47166"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-03-21T08:38:00",
            "db": "JVNDB",
            "id": "JVNDB-2023-028449"
          },
          {
            "date": "2025-11-04T18:15:42.433000",
            "db": "NVD",
            "id": "CVE-2023-47166"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Milesight\u00a0Technology\u00a0 of \u00a0ur32l\u00a0 Firmware authorization vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-028449"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-202307-0389

    Vulnerability from variot - Updated: 2025-11-18 15:14

    Two OS command injection vulnerabilities exist in the zebra vlan_name functionality of Milesight UR32L v32.3.0.5. A specially crafted network request can lead to command execution. An attacker can send a network request to trigger these vulnerabilities.This command injection is in the code branch that manages a new vlan configuration. Milesight Technology of ur32l The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Milesight UR32L is a Lite industrial cellular router from Milesight

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202307-0389",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "ur32l",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "milesight",
            "version": "32.3.0.5"
          },
          {
            "model": "ur32l",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "milesight",
            "version": null
          },
          {
            "model": "ur32l",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "milesight",
            "version": "ur32l  firmware  32.3.0.5"
          },
          {
            "model": "ur32l",
            "scope": null,
            "trust": 0.8,
            "vendor": "milesight",
            "version": null
          },
          {
            "model": "ur32l",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "milesight",
            "version": "v32.3.0.5"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-65499"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-017208"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-25583"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Discovered by Francesco Benvenuto of Cisco Talos.",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-335"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2023-25583",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "MULTIPLE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 8.3,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 6.4,
                "id": "CNVD-2023-65499",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:M/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "talos-cna@cisco.com",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.2,
                "id": "CVE-2023-25583",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "trust": 2.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 7.2,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2023-25583",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "High",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "talos-cna@cisco.com",
                "id": "CVE-2023-25583",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2023-25583",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2023-25583",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2023-65499",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202307-335",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-65499"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-335"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-017208"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-25583"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-25583"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Two OS command injection vulnerabilities exist in the zebra vlan_name functionality of Milesight UR32L v32.3.0.5. A specially crafted network request can lead to command execution. An attacker can send a network request to trigger these vulnerabilities.This command injection is in the code branch that manages a new vlan configuration. Milesight Technology of ur32l The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Milesight UR32L is a Lite industrial cellular router from Milesight",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2023-25583"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-017208"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2023-65499"
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-25583"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2023-25583",
            "trust": 3.9
          },
          {
            "db": "TALOS",
            "id": "TALOS-2023-1723",
            "trust": 2.5
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-017208",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2023-65499",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-335",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-25583",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-65499"
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-25583"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-335"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-017208"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-25583"
          }
        ]
      },
      "id": "VAR-202307-0389",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-65499"
          }
        ],
        "trust": 1.1878378
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-65499"
          }
        ]
      },
      "last_update_date": "2025-11-18T15:14:16.867000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Patch for Milesight UR32L zebra vlan_name function command injection vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/455196"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-65499"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-78",
            "trust": 1.0
          },
          {
            "problemtype": "OS Command injection (CWE-78) [ others ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-017208"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-25583"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.1,
            "url": "https://talosintelligence.com/vulnerability_reports/talos-2023-1723"
          },
          {
            "trust": 2.0,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-25583"
          },
          {
            "trust": 1.0,
            "url": "https://www.talosintelligence.com/vulnerability_reports/talos-2023-1723"
          },
          {
            "trust": 0.6,
            "url": "https://cxsecurity.com/cveshow/cve-2023-25583/"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/78.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-65499"
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-25583"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-335"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-017208"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-25583"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-65499"
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-25583"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-335"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-017208"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-25583"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-08-31T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2023-65499"
          },
          {
            "date": "2023-07-06T00:00:00",
            "db": "VULMON",
            "id": "CVE-2023-25583"
          },
          {
            "date": "2023-07-06T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202307-335"
          },
          {
            "date": "2024-01-05T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2023-017208"
          },
          {
            "date": "2023-07-06T15:15:15.653000",
            "db": "NVD",
            "id": "CVE-2023-25583"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-08-29T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2023-65499"
          },
          {
            "date": "2023-07-06T00:00:00",
            "db": "VULMON",
            "id": "CVE-2023-25583"
          },
          {
            "date": "2023-07-13T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202307-335"
          },
          {
            "date": "2024-01-05T08:12:00",
            "db": "JVNDB",
            "id": "JVNDB-2023-017208"
          },
          {
            "date": "2025-11-04T20:16:24.553000",
            "db": "NVD",
            "id": "CVE-2023-25583"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-335"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Milesight\u00a0Technology\u00a0 of \u00a0ur32l\u00a0 in the firmware \u00a0OS\u00a0 Command injection vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-017208"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "operating system commend injection",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-335"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202307-0388

    Vulnerability from variot - Updated: 2025-11-18 15:14

    Two OS command injection vulnerabilities exist in the zebra vlan_name functionality of Milesight UR32L v32.3.0.5. A specially crafted network request can lead to command execution. An attacker can send a network request to trigger these vulnerabilities.This command injection is in the code branch that manages an already existing vlan configuration. Milesight Technology of ur32l The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Milesight UR32L is a 4G industrial router produced by China Milesight.

    There is a command execution vulnerability in the Milesight UR32L zebra vlan_name function, an attacker can exploit this vulnerability to execute arbitrary commands on the system

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202307-0388",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "ur32l",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "milesight",
            "version": "32.3.0.5"
          },
          {
            "model": "ur32l",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "milesight",
            "version": null
          },
          {
            "model": "ur32l",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "milesight",
            "version": "ur32l  firmware  32.3.0.5"
          },
          {
            "model": "ur32l",
            "scope": null,
            "trust": 0.8,
            "vendor": "milesight",
            "version": null
          },
          {
            "model": "ur32l",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "milesight",
            "version": "v32.3.0.5"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-64960"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-017209"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-25582"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Discovered by Francesco Benvenuto of Cisco Talos.",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-336"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2023-25582",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "MULTIPLE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 8.3,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 6.4,
                "id": "CNVD-2023-64960",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:M/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "talos-cna@cisco.com",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.2,
                "id": "CVE-2023-25582",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "trust": 2.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 7.2,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2023-25582",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "High",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "talos-cna@cisco.com",
                "id": "CVE-2023-25582",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2023-25582",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2023-25582",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2023-64960",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202307-336",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-64960"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-336"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-017209"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-25582"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-25582"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Two OS command injection vulnerabilities exist in the zebra vlan_name functionality of Milesight UR32L v32.3.0.5. A specially crafted network request can lead to command execution. An attacker can send a network request to trigger these vulnerabilities.This command injection is in the code branch that manages an already existing vlan configuration. Milesight Technology of ur32l The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Milesight UR32L is a 4G industrial router produced by China Milesight. \n\r\n\r\nThere is a command execution vulnerability in the Milesight UR32L zebra vlan_name function, an attacker can exploit this vulnerability to execute arbitrary commands on the system",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2023-25582"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-017209"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2023-64960"
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-25582"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2023-25582",
            "trust": 3.9
          },
          {
            "db": "TALOS",
            "id": "TALOS-2023-1723",
            "trust": 2.5
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-017209",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2023-64960",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-336",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-25582",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-64960"
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-25582"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-336"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-017209"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-25582"
          }
        ]
      },
      "id": "VAR-202307-0388",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-64960"
          }
        ],
        "trust": 1.1878378
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-64960"
          }
        ]
      },
      "last_update_date": "2025-11-18T15:14:16.837000Z",
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-78",
            "trust": 1.0
          },
          {
            "problemtype": "OS Command injection (CWE-78) [ others ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-017209"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-25582"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.1,
            "url": "https://talosintelligence.com/vulnerability_reports/talos-2023-1723"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-25582"
          },
          {
            "trust": 1.0,
            "url": "https://www.talosintelligence.com/vulnerability_reports/talos-2023-1723"
          },
          {
            "trust": 0.6,
            "url": "https://cxsecurity.com/cveshow/cve-2023-25582/"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/78.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-64960"
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-25582"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-336"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-017209"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-25582"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-64960"
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-25582"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-336"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-017209"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-25582"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-08-25T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2023-64960"
          },
          {
            "date": "2023-07-06T00:00:00",
            "db": "VULMON",
            "id": "CVE-2023-25582"
          },
          {
            "date": "2023-07-06T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202307-336"
          },
          {
            "date": "2024-01-05T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2023-017209"
          },
          {
            "date": "2023-07-06T15:15:15.587000",
            "db": "NVD",
            "id": "CVE-2023-25582"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-08-25T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2023-64960"
          },
          {
            "date": "2023-07-06T00:00:00",
            "db": "VULMON",
            "id": "CVE-2023-25582"
          },
          {
            "date": "2023-07-13T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202307-336"
          },
          {
            "date": "2024-01-05T08:12:00",
            "db": "JVNDB",
            "id": "JVNDB-2023-017209"
          },
          {
            "date": "2025-11-04T20:16:24.410000",
            "db": "NVD",
            "id": "CVE-2023-25582"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-336"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Milesight\u00a0Technology\u00a0 of \u00a0ur32l\u00a0 in the firmware \u00a0OS\u00a0 Command injection vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-017209"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "operating system commend injection",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-336"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202307-0275

    Vulnerability from variot - Updated: 2025-11-18 15:12

    Two OS command injection vulnerability exist in the vtysh_ubus toolsh_excute.constprop.1 functionality of Milesight UR32L v32.3.0.5. A specially-crafted network request can lead to command execution. An attacker can send a network request to trigger these vulnerabilities.This command injection is in the trace tool utility. (DoS) It may be in a state. Milesight UR32L is a 4G industrial router produced by China Milesight

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202307-0275",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "ur32l",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "milesight",
            "version": "32.3.0.5"
          },
          {
            "model": "ur32l",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "milesight",
            "version": "ur32l  firmware  32.3.0.5"
          },
          {
            "model": "ur32l",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "milesight",
            "version": null
          },
          {
            "model": "ur32l",
            "scope": null,
            "trust": 0.8,
            "vendor": "milesight",
            "version": null
          },
          {
            "model": "ur32l",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "milesight",
            "version": "v32.3.0.5"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-65489"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-019435"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-24520"
          }
        ]
      },
      "cve": "CVE-2023-24520",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2023-65489",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "talos-cna@cisco.com",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2023-24520",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 2.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 8.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2023-24520",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "Low",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "talos-cna@cisco.com",
                "id": "CVE-2023-24520",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2023-24520",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2023-24520",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2023-65489",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202307-407",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-65489"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-407"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-019435"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-24520"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-24520"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Two OS command injection vulnerability exist in the vtysh_ubus toolsh_excute.constprop.1 functionality of Milesight UR32L v32.3.0.5. A specially-crafted network request can lead to command execution. An attacker can send a network request to trigger these vulnerabilities.This command injection is in the trace tool utility. (DoS) It may be in a state. Milesight UR32L is a 4G industrial router produced by China Milesight",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2023-24520"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-019435"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2023-65489"
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-24520"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2023-24520",
            "trust": 3.9
          },
          {
            "db": "TALOS",
            "id": "TALOS-2023-1706",
            "trust": 2.5
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-019435",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2023-65489",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-407",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-24520",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-65489"
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-24520"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-407"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-019435"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-24520"
          }
        ]
      },
      "id": "VAR-202307-0275",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-65489"
          }
        ],
        "trust": 1.1878378
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-65489"
          }
        ]
      },
      "last_update_date": "2025-11-18T15:12:07.771000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Patch for Milesight UR32L vtysh_ubus toolsh_excute.constprop.1 function command injection vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/455151"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-65489"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-78",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-77",
            "trust": 1.0
          },
          {
            "problemtype": "OS Command injection (CWE-78) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-019435"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-24520"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.5,
            "url": "https://talosintelligence.com/vulnerability_reports/talos-2023-1706"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-24520"
          },
          {
            "trust": 1.0,
            "url": "https://www.talosintelligence.com/vulnerability_reports/talos-2023-1706"
          },
          {
            "trust": 0.6,
            "url": "https://cxsecurity.com/cveshow/cve-2023-24520/"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/77.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-65489"
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-24520"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-407"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-019435"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-24520"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-65489"
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-24520"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-407"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-019435"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-24520"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-08-30T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2023-65489"
          },
          {
            "date": "2023-07-06T00:00:00",
            "db": "VULMON",
            "id": "CVE-2023-24520"
          },
          {
            "date": "2023-07-06T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202307-407"
          },
          {
            "date": "2024-01-12T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2023-019435"
          },
          {
            "date": "2023-07-06T15:15:12.180000",
            "db": "NVD",
            "id": "CVE-2023-24520"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-08-29T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2023-65489"
          },
          {
            "date": "2023-07-06T00:00:00",
            "db": "VULMON",
            "id": "CVE-2023-24520"
          },
          {
            "date": "2023-07-14T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202307-407"
          },
          {
            "date": "2024-01-12T08:11:00",
            "db": "JVNDB",
            "id": "JVNDB-2023-019435"
          },
          {
            "date": "2025-11-04T20:16:18.637000",
            "db": "NVD",
            "id": "CVE-2023-24520"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-407"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Milesight\u00a0Technology\u00a0 of \u00a0ur32l\u00a0 in the firmware \u00a0OS\u00a0 Command injection vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-019435"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "operating system commend injection",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-407"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202307-0299

    Vulnerability from variot - Updated: 2025-11-18 15:12

    Two OS command injection vulnerability exist in the vtysh_ubus toolsh_excute.constprop.1 functionality of Milesight UR32L v32.3.0.5. A specially-crafted network request can lead to command execution. An attacker can send a network request to trigger these vulnerabilities.This command injection is in the ping tool utility. (DoS) It may be in a state. Milesight UR32L is a 4G industrial router produced by China Milesight

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202307-0299",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "ur32l",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "milesight",
            "version": "32.3.0.5"
          },
          {
            "model": "ur32l",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "milesight",
            "version": "ur32l  firmware  32.3.0.5"
          },
          {
            "model": "ur32l",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "milesight",
            "version": null
          },
          {
            "model": "ur32l",
            "scope": null,
            "trust": 0.8,
            "vendor": "milesight",
            "version": null
          },
          {
            "model": "ur32l",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "milesight",
            "version": "v32.3.0.5"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-65490"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-019436"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-24519"
          }
        ]
      },
      "cve": "CVE-2023-24519",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2023-65490",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "talos-cna@cisco.com",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2023-24519",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 2.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 8.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2023-24519",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "Low",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "talos-cna@cisco.com",
                "id": "CVE-2023-24519",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2023-24519",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2023-24519",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2023-65490",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202307-408",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-65490"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-408"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-019436"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-24519"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-24519"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Two OS command injection vulnerability exist in the vtysh_ubus toolsh_excute.constprop.1 functionality of Milesight UR32L v32.3.0.5. A specially-crafted network request can lead to command execution. An attacker can send a network request to trigger these vulnerabilities.This command injection is in the ping tool utility. (DoS) It may be in a state. Milesight UR32L is a 4G industrial router produced by China Milesight",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2023-24519"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-019436"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2023-65490"
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-24519"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2023-24519",
            "trust": 3.9
          },
          {
            "db": "TALOS",
            "id": "TALOS-2023-1706",
            "trust": 2.5
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-019436",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2023-65490",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-408",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-24519",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-65490"
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-24519"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-408"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-019436"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-24519"
          }
        ]
      },
      "id": "VAR-202307-0299",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-65490"
          }
        ],
        "trust": 1.1878378
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-65490"
          }
        ]
      },
      "last_update_date": "2025-11-18T15:12:07.743000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Patch for Milesight UR32L vtysh_ubus toolsh_excute.constprop.1 function command injection vulnerability (CNVD-2023-65490)",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/455156"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-65490"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-78",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-77",
            "trust": 1.0
          },
          {
            "problemtype": "OS Command injection (CWE-78) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-019436"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-24519"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.5,
            "url": "https://talosintelligence.com/vulnerability_reports/talos-2023-1706"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-24519"
          },
          {
            "trust": 1.0,
            "url": "https://www.talosintelligence.com/vulnerability_reports/talos-2023-1706"
          },
          {
            "trust": 0.6,
            "url": "https://cxsecurity.com/cveshow/cve-2023-24519/"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/77.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-65490"
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-24519"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-408"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-019436"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-24519"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-65490"
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-24519"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-408"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-019436"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-24519"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-08-31T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2023-65490"
          },
          {
            "date": "2023-07-06T00:00:00",
            "db": "VULMON",
            "id": "CVE-2023-24519"
          },
          {
            "date": "2023-07-06T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202307-408"
          },
          {
            "date": "2024-01-12T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2023-019436"
          },
          {
            "date": "2023-07-06T15:15:12.107000",
            "db": "NVD",
            "id": "CVE-2023-24519"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-08-29T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2023-65490"
          },
          {
            "date": "2023-07-06T00:00:00",
            "db": "VULMON",
            "id": "CVE-2023-24519"
          },
          {
            "date": "2023-07-14T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202307-408"
          },
          {
            "date": "2024-01-12T08:11:00",
            "db": "JVNDB",
            "id": "JVNDB-2023-019436"
          },
          {
            "date": "2025-11-04T20:16:17.653000",
            "db": "NVD",
            "id": "CVE-2023-24519"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-408"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Milesight\u00a0Technology\u00a0 of \u00a0ur32l\u00a0 in the firmware \u00a0OS\u00a0 Command injection vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-019436"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "operating system commend injection",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-408"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202307-0316

    Vulnerability from variot - Updated: 2025-11-18 15:12

    Two OS command injection vulnerabilities exist in the urvpn_client cmd_name_action functionality of Milesight UR32L v32.3.0.5. A specially crafted network request can lead to arbitrary command execution. An attacker can send a network request to trigger these vulnerabilities.This OS command injection is triggered through a UDP packet. Milesight Technology of ur32l Firmware contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Milesight UR32L is a 4G industrial router produced by China Milesight

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202307-0316",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "ur32l",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "milesight",
            "version": "32.3.0.5"
          },
          {
            "model": "ur32l",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "milesight",
            "version": null
          },
          {
            "model": "ur32l",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "milesight",
            "version": "ur32l  firmware  32.3.0.5"
          },
          {
            "model": "ur32l",
            "scope": null,
            "trust": 0.8,
            "vendor": "milesight",
            "version": null
          },
          {
            "model": "ur32l",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "milesight",
            "version": "v32.3.0.5"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-65486"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-017263"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-24583"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Discovered by Francesco Benvenuto of Cisco Talos.",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-350"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2023-24583",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2023-65486",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "talos-cna@cisco.com",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2023-24583",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 2.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 8.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2023-24583",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "talos-cna@cisco.com",
                "id": "CVE-2023-24583",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2023-24583",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2023-24583",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2023-65486",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202307-350",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-65486"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-350"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-017263"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-24583"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-24583"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Two OS command injection vulnerabilities exist in the urvpn_client cmd_name_action functionality of Milesight UR32L v32.3.0.5. A specially crafted network request can lead to arbitrary command execution. An attacker can send a network request to trigger these vulnerabilities.This OS command injection is triggered through a UDP packet. Milesight Technology of ur32l Firmware contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Milesight UR32L is a 4G industrial router produced by China Milesight",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2023-24583"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-017263"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2023-65486"
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-24583"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2023-24583",
            "trust": 3.9
          },
          {
            "db": "TALOS",
            "id": "TALOS-2023-1710",
            "trust": 2.5
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-017263",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2023-65486",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-350",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-24583",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-65486"
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-24583"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-350"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-017263"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-24583"
          }
        ]
      },
      "id": "VAR-202307-0316",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-65486"
          }
        ],
        "trust": 1.1878378
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-65486"
          }
        ]
      },
      "last_update_date": "2025-11-18T15:12:07.713000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Patch for Milesight UR32L urvpn_client cmd_name_action command execution vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/455131"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-65486"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-77",
            "trust": 1.0
          },
          {
            "problemtype": "Command injection (CWE-77) [ others ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-017263"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-24583"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.1,
            "url": "https://talosintelligence.com/vulnerability_reports/talos-2023-1710"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-24583"
          },
          {
            "trust": 1.0,
            "url": "https://www.talosintelligence.com/vulnerability_reports/talos-2023-1710"
          },
          {
            "trust": 0.6,
            "url": "https://cxsecurity.com/cveshow/cve-2023-24583/"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/77.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-65486"
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-24583"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-350"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-017263"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-24583"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-65486"
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-24583"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-350"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-017263"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-24583"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-08-30T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2023-65486"
          },
          {
            "date": "2023-07-06T00:00:00",
            "db": "VULMON",
            "id": "CVE-2023-24583"
          },
          {
            "date": "2023-07-06T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202307-350"
          },
          {
            "date": "2024-01-05T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2023-017263"
          },
          {
            "date": "2023-07-06T15:15:12.327000",
            "db": "NVD",
            "id": "CVE-2023-24583"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-08-29T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2023-65486"
          },
          {
            "date": "2023-07-06T00:00:00",
            "db": "VULMON",
            "id": "CVE-2023-24583"
          },
          {
            "date": "2023-07-13T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202307-350"
          },
          {
            "date": "2024-01-05T08:14:00",
            "db": "JVNDB",
            "id": "JVNDB-2023-017263"
          },
          {
            "date": "2025-11-04T20:16:18.883000",
            "db": "NVD",
            "id": "CVE-2023-24583"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-350"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Milesight\u00a0Technology\u00a0 of \u00a0ur32l\u00a0 Command injection vulnerability in firmware",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-017263"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "command injection",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-350"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202307-0317

    Vulnerability from variot - Updated: 2025-11-18 15:12

    Two OS command injection vulnerabilities exist in the urvpn_client cmd_name_action functionality of Milesight UR32L v32.3.0.5. A specially crafted network request can lead to arbitrary command execution. An attacker can send a network request to trigger these vulnerabilities.This OS command injection is triggered through a TCP packet. Milesight Technology of ur32l The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Milesight UR32L is a 4G industrial router produced by China Milesight

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202307-0317",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "ur32l",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "milesight",
            "version": "32.3.0.5"
          },
          {
            "model": "ur32l",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "milesight",
            "version": "ur32l  firmware  32.3.0.5"
          },
          {
            "model": "ur32l",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "milesight",
            "version": null
          },
          {
            "model": "ur32l",
            "scope": null,
            "trust": 0.8,
            "vendor": "milesight",
            "version": null
          },
          {
            "model": "ur32l",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "milesight",
            "version": "v32.3.0.5"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-65496"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-019434"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-24582"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Discovered by Francesco Benvenuto of Cisco Talos.",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-347"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2023-24582",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2023-65496",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "talos-cna@cisco.com",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2023-24582",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 2.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 8.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2023-24582",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "talos-cna@cisco.com",
                "id": "CVE-2023-24582",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2023-24582",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2023-24582",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2023-65496",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202307-347",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-65496"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-347"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-019434"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-24582"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-24582"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Two OS command injection vulnerabilities exist in the urvpn_client cmd_name_action functionality of Milesight UR32L v32.3.0.5. A specially crafted network request can lead to arbitrary command execution. An attacker can send a network request to trigger these vulnerabilities.This OS command injection is triggered through a TCP packet. Milesight Technology of ur32l The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Milesight UR32L is a 4G industrial router produced by China Milesight",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2023-24582"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-019434"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2023-65496"
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-24582"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2023-24582",
            "trust": 3.9
          },
          {
            "db": "TALOS",
            "id": "TALOS-2023-1710",
            "trust": 2.5
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-019434",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2023-65496",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-347",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-24582",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-65496"
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-24582"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-347"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-019434"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-24582"
          }
        ]
      },
      "id": "VAR-202307-0317",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-65496"
          }
        ],
        "trust": 1.1878378
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-65496"
          }
        ]
      },
      "last_update_date": "2025-11-18T15:12:07.684000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Patch for Milesight UR32L urvpn_client cmd_name_action function command execution vulnerability (CNVD-2023-65496)",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/455136"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-65496"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-78",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-77",
            "trust": 1.0
          },
          {
            "problemtype": "OS Command injection (CWE-78) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-019434"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-24582"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.1,
            "url": "https://talosintelligence.com/vulnerability_reports/talos-2023-1710"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-24582"
          },
          {
            "trust": 1.0,
            "url": "https://www.talosintelligence.com/vulnerability_reports/talos-2023-1710"
          },
          {
            "trust": 0.6,
            "url": "https://cxsecurity.com/cveshow/cve-2023-24582/"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/77.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-65496"
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-24582"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-347"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-019434"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-24582"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-65496"
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-24582"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-347"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-019434"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-24582"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-08-30T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2023-65496"
          },
          {
            "date": "2023-07-06T00:00:00",
            "db": "VULMON",
            "id": "CVE-2023-24582"
          },
          {
            "date": "2023-07-06T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202307-347"
          },
          {
            "date": "2024-01-12T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2023-019434"
          },
          {
            "date": "2023-07-06T15:15:12.250000",
            "db": "NVD",
            "id": "CVE-2023-24582"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-08-29T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2023-65496"
          },
          {
            "date": "2023-07-06T00:00:00",
            "db": "VULMON",
            "id": "CVE-2023-24582"
          },
          {
            "date": "2023-07-14T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202307-347"
          },
          {
            "date": "2024-01-12T08:11:00",
            "db": "JVNDB",
            "id": "JVNDB-2023-019434"
          },
          {
            "date": "2025-11-04T20:16:18.753000",
            "db": "NVD",
            "id": "CVE-2023-24582"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-347"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Milesight\u00a0Technology\u00a0 of \u00a0ur32l\u00a0 in the firmware \u00a0OS\u00a0 Command injection vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-019434"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "operating system commend injection",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-347"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202307-0149

    Vulnerability from variot - Updated: 2025-11-18 15:06

    Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the firewall_handler_set function with the index and dport variables. Milesight Technology of ur32l An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Milesight UR32L is a 4G industrial router produced by China Milesight.

    There is a buffer overflow vulnerability in the Milesight UR32L firewall_handler_set function, which is caused by incorrect boundary check of the firewall_handler_set function. An authenticated remote attacker could exploit this vulnerability to overflow a buffer and execute arbitrary code on the system, or cause an application to crash

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202307-0149",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "ur32l",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "milesight",
            "version": "32.3.0.5"
          },
          {
            "model": "ur32l",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "milesight",
            "version": null
          },
          {
            "model": "ur32l",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "milesight",
            "version": "ur32l  firmware  32.3.0.5"
          },
          {
            "model": "ur32l",
            "scope": null,
            "trust": 0.8,
            "vendor": "milesight",
            "version": null
          },
          {
            "model": "ur32l",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "milesight",
            "version": "v32.3.0.5"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-55358"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-017254"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-25086"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Discovered by Francesco Benvenuto of Cisco Talos.",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-396"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2023-25086",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.0,
                "id": "CNVD-2023-55358",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "talos-cna@cisco.com",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.2,
                "id": "CVE-2023-25086",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "trust": 2.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 7.2,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2023-25086",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "High",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "talos-cna@cisco.com",
                "id": "CVE-2023-25086",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2023-25086",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2023-25086",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2023-55358",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202307-396",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-55358"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-396"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-017254"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-25086"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-25086"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the firewall_handler_set function with the index and dport variables. Milesight Technology of ur32l An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Milesight UR32L is a 4G industrial router produced by China Milesight. \n\r\n\r\nThere is a buffer overflow vulnerability in the Milesight UR32L firewall_handler_set function, which is caused by incorrect boundary check of the firewall_handler_set function. An authenticated remote attacker could exploit this vulnerability to overflow a buffer and execute arbitrary code on the system, or cause an application to crash",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2023-25086"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-017254"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2023-55358"
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-25086"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2023-25086",
            "trust": 3.9
          },
          {
            "db": "TALOS",
            "id": "TALOS-2023-1716",
            "trust": 2.5
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-017254",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2023-55358",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-396",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-25086",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-55358"
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-25086"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-396"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-017254"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-25086"
          }
        ]
      },
      "id": "VAR-202307-0149",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-55358"
          }
        ],
        "trust": 1.1878378
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-55358"
          }
        ]
      },
      "last_update_date": "2025-11-18T15:06:04.081000Z",
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-121",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-787",
            "trust": 1.0
          },
          {
            "problemtype": "Out-of-bounds writing (CWE-787) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-017254"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-25086"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.1,
            "url": "https://talosintelligence.com/vulnerability_reports/talos-2023-1716"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-25086"
          },
          {
            "trust": 1.0,
            "url": "https://www.talosintelligence.com/vulnerability_reports/talos-2023-1716"
          },
          {
            "trust": 0.6,
            "url": "https://cxsecurity.com/cveshow/cve-2023-25086/"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/121.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-55358"
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-25086"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-396"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-017254"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-25086"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-55358"
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-25086"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-396"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-017254"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-25086"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-07-11T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2023-55358"
          },
          {
            "date": "2023-07-06T00:00:00",
            "db": "VULMON",
            "id": "CVE-2023-25086"
          },
          {
            "date": "2023-07-06T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202307-396"
          },
          {
            "date": "2024-01-05T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2023-017254"
          },
          {
            "date": "2023-07-06T15:15:12.827000",
            "db": "NVD",
            "id": "CVE-2023-25086"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-07-11T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2023-55358"
          },
          {
            "date": "2023-07-06T00:00:00",
            "db": "VULMON",
            "id": "CVE-2023-25086"
          },
          {
            "date": "2023-07-18T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202307-396"
          },
          {
            "date": "2024-01-05T08:14:00",
            "db": "JVNDB",
            "id": "JVNDB-2023-017254"
          },
          {
            "date": "2025-11-04T20:16:19.680000",
            "db": "NVD",
            "id": "CVE-2023-25086"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-396"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Milesight\u00a0Technology\u00a0 of \u00a0ur32l\u00a0 Out-of-bounds write vulnerability in firmware",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-017254"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "other",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-396"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202307-0160

    Vulnerability from variot - Updated: 2025-11-18 15:06

    Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the handle_interface_acl function with the interface variable when out_acl is -1. Milesight Technology of ur32l An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Milesight UR32L is a 4G industrial router produced by China Milesight

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202307-0160",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "ur32l",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "milesight",
            "version": "32.3.0.5"
          },
          {
            "model": "ur32l",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "milesight",
            "version": null
          },
          {
            "model": "ur32l",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "milesight",
            "version": "ur32l  firmware  32.3.0.5"
          },
          {
            "model": "ur32l",
            "scope": null,
            "trust": 0.8,
            "vendor": "milesight",
            "version": null
          },
          {
            "model": "ur32l",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "milesight",
            "version": "v32.3.0.5"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-61192"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-017249"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-25091"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Discovered by Francesco Benvenuto of Cisco Talos.",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-392"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2023-25091",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2023-61192",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "talos-cna@cisco.com",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.2,
                "id": "CVE-2023-25091",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "trust": 2.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 7.2,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2023-25091",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "High",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "talos-cna@cisco.com",
                "id": "CVE-2023-25091",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2023-25091",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2023-25091",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2023-61192",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202307-392",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-61192"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-392"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-017249"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-25091"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-25091"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the handle_interface_acl function with the interface variable when out_acl is -1. Milesight Technology of ur32l An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Milesight UR32L is a 4G industrial router produced by China Milesight",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2023-25091"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-017249"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2023-61192"
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-25091"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2023-25091",
            "trust": 3.9
          },
          {
            "db": "TALOS",
            "id": "TALOS-2023-1716",
            "trust": 2.5
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-017249",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2023-61192",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-392",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-25091",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-61192"
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-25091"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-392"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-017249"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-25091"
          }
        ]
      },
      "id": "VAR-202307-0160",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-61192"
          }
        ],
        "trust": 1.1878378
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-61192"
          }
        ]
      },
      "last_update_date": "2025-11-18T15:06:04.052000Z",
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-121",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-787",
            "trust": 1.0
          },
          {
            "problemtype": "Out-of-bounds writing (CWE-787) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-017249"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-25091"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.1,
            "url": "https://talosintelligence.com/vulnerability_reports/talos-2023-1716"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-25091"
          },
          {
            "trust": 1.0,
            "url": "https://www.talosintelligence.com/vulnerability_reports/talos-2023-1716"
          },
          {
            "trust": 0.6,
            "url": "https://cxsecurity.com/cveshow/cve-2023-25091/"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/121.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-61192"
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-25091"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-392"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-017249"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-25091"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-61192"
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-25091"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-392"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-017249"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-25091"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-08-04T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2023-61192"
          },
          {
            "date": "2023-07-06T00:00:00",
            "db": "VULMON",
            "id": "CVE-2023-25091"
          },
          {
            "date": "2023-07-06T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202307-392"
          },
          {
            "date": "2024-01-05T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2023-017249"
          },
          {
            "date": "2023-07-06T15:15:13.187000",
            "db": "NVD",
            "id": "CVE-2023-25091"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-08-04T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2023-61192"
          },
          {
            "date": "2023-07-06T00:00:00",
            "db": "VULMON",
            "id": "CVE-2023-25091"
          },
          {
            "date": "2023-07-18T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202307-392"
          },
          {
            "date": "2024-01-05T08:14:00",
            "db": "JVNDB",
            "id": "JVNDB-2023-017249"
          },
          {
            "date": "2025-11-04T20:16:20.313000",
            "db": "NVD",
            "id": "CVE-2023-25091"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-392"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Milesight\u00a0Technology\u00a0 of \u00a0ur32l\u00a0 Out-of-bounds write vulnerability in firmware",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-017249"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "other",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-392"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202307-0162

    Vulnerability from variot - Updated: 2025-11-18 15:06

    Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_gre function with the remote_virtual_ip variable. Milesight Technology of ur32l An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Milesight UR32L is a 4G industrial router produced by China Milesight

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202307-0162",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "ur32l",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "milesight",
            "version": "32.3.0.5"
          },
          {
            "model": "ur32l",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "milesight",
            "version": null
          },
          {
            "model": "ur32l",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "milesight",
            "version": "ur32l  firmware  32.3.0.5"
          },
          {
            "model": "ur32l",
            "scope": null,
            "trust": 0.8,
            "vendor": "milesight",
            "version": null
          },
          {
            "model": "ur32l",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "milesight",
            "version": "v32.3.0.5"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-65067"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-017230"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-25110"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Discovered by Francesco Benvenuto of Cisco Talos.",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-362"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2023-25110",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "MULTIPLE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 8.3,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 6.4,
                "id": "CNVD-2023-65067",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:M/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "talos-cna@cisco.com",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.2,
                "id": "CVE-2023-25110",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "trust": 2.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 7.2,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2023-25110",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "High",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "talos-cna@cisco.com",
                "id": "CVE-2023-25110",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2023-25110",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2023-25110",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2023-65067",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202307-362",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-65067"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-362"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-017230"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-25110"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-25110"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_gre function with the remote_virtual_ip variable. Milesight Technology of ur32l An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Milesight UR32L is a 4G industrial router produced by China Milesight",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2023-25110"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-017230"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2023-65067"
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-25110"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2023-25110",
            "trust": 3.9
          },
          {
            "db": "TALOS",
            "id": "TALOS-2023-1716",
            "trust": 2.5
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-017230",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2023-65067",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-362",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-25110",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-65067"
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-25110"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-362"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-017230"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-25110"
          }
        ]
      },
      "id": "VAR-202307-0162",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-65067"
          }
        ],
        "trust": 1.1878378
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-65067"
          }
        ]
      },
      "last_update_date": "2025-11-18T15:06:04.022000Z",
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-121",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-787",
            "trust": 1.0
          },
          {
            "problemtype": "Out-of-bounds writing (CWE-787) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-017230"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-25110"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.1,
            "url": "https://talosintelligence.com/vulnerability_reports/talos-2023-1716"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-25110"
          },
          {
            "trust": 1.0,
            "url": "https://www.talosintelligence.com/vulnerability_reports/talos-2023-1716"
          },
          {
            "trust": 0.6,
            "url": "https://cxsecurity.com/cveshow/cve-2023-25110/"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/121.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-65067"
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-25110"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-362"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-017230"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-25110"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-65067"
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-25110"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-362"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-017230"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-25110"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-08-25T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2023-65067"
          },
          {
            "date": "2023-07-06T00:00:00",
            "db": "VULMON",
            "id": "CVE-2023-25110"
          },
          {
            "date": "2023-07-06T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202307-362"
          },
          {
            "date": "2024-01-05T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2023-017230"
          },
          {
            "date": "2023-07-06T15:15:14.543000",
            "db": "NVD",
            "id": "CVE-2023-25110"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-08-25T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2023-65067"
          },
          {
            "date": "2023-07-06T00:00:00",
            "db": "VULMON",
            "id": "CVE-2023-25110"
          },
          {
            "date": "2023-07-18T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202307-362"
          },
          {
            "date": "2024-01-05T08:13:00",
            "db": "JVNDB",
            "id": "JVNDB-2023-017230"
          },
          {
            "date": "2025-11-04T20:16:22.603000",
            "db": "NVD",
            "id": "CVE-2023-25110"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-362"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Milesight\u00a0Technology\u00a0 of \u00a0ur32l\u00a0 Out-of-bounds write vulnerability in firmware",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-017230"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "other",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-362"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202307-0164

    Vulnerability from variot - Updated: 2025-11-18 15:06

    Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_ike_profile function with the secrets_local variable. Milesight Technology of ur32l An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Milesight UR32L is a 4G industrial router produced by China Milesight

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202307-0164",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "ur32l",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "milesight",
            "version": "32.3.0.5"
          },
          {
            "model": "ur32l",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "milesight",
            "version": null
          },
          {
            "model": "ur32l",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "milesight",
            "version": "ur32l  firmware  32.3.0.5"
          },
          {
            "model": "ur32l",
            "scope": null,
            "trust": 0.8,
            "vendor": "milesight",
            "version": null
          },
          {
            "model": "ur32l",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "milesight",
            "version": "v32.3.0.5"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-65068"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-017219"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-25121"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Discovered by Francesco Benvenuto of Cisco Talos.",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-340"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2023-25121",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "MULTIPLE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 8.3,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 6.4,
                "id": "CNVD-2023-65068",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:M/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "talos-cna@cisco.com",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.2,
                "id": "CVE-2023-25121",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "trust": 2.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 7.2,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2023-25121",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "High",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "talos-cna@cisco.com",
                "id": "CVE-2023-25121",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2023-25121",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2023-25121",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2023-65068",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202307-340",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-65068"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-340"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-017219"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-25121"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-25121"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_ike_profile function with the secrets_local variable. Milesight Technology of ur32l An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Milesight UR32L is a 4G industrial router produced by China Milesight",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2023-25121"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-017219"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2023-65068"
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-25121"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2023-25121",
            "trust": 3.9
          },
          {
            "db": "TALOS",
            "id": "TALOS-2023-1716",
            "trust": 2.5
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-017219",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2023-65068",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-340",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-25121",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-65068"
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-25121"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-340"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-017219"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-25121"
          }
        ]
      },
      "id": "VAR-202307-0164",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-65068"
          }
        ],
        "trust": 1.1878378
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-65068"
          }
        ]
      },
      "last_update_date": "2025-11-18T15:06:03.991000Z",
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-121",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-787",
            "trust": 1.0
          },
          {
            "problemtype": "Out-of-bounds writing (CWE-787) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-017219"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-25121"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.1,
            "url": "https://talosintelligence.com/vulnerability_reports/talos-2023-1716"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-25121"
          },
          {
            "trust": 1.0,
            "url": "https://www.talosintelligence.com/vulnerability_reports/talos-2023-1716"
          },
          {
            "trust": 0.6,
            "url": "https://cxsecurity.com/cveshow/cve-2023-25121/"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/121.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-65068"
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-25121"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-340"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-017219"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-25121"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-65068"
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-25121"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-340"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-017219"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-25121"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-08-25T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2023-65068"
          },
          {
            "date": "2023-07-06T00:00:00",
            "db": "VULMON",
            "id": "CVE-2023-25121"
          },
          {
            "date": "2023-07-06T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202307-340"
          },
          {
            "date": "2024-01-05T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2023-017219"
          },
          {
            "date": "2023-07-06T15:15:15.307000",
            "db": "NVD",
            "id": "CVE-2023-25121"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-08-25T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2023-65068"
          },
          {
            "date": "2023-07-06T00:00:00",
            "db": "VULMON",
            "id": "CVE-2023-25121"
          },
          {
            "date": "2023-07-18T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202307-340"
          },
          {
            "date": "2024-01-05T08:13:00",
            "db": "JVNDB",
            "id": "JVNDB-2023-017219"
          },
          {
            "date": "2025-11-04T20:16:23.910000",
            "db": "NVD",
            "id": "CVE-2023-25121"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-340"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Milesight\u00a0Technology\u00a0 of \u00a0ur32l\u00a0 Out-of-bounds write vulnerability in firmware",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-017219"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "other",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-340"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202307-0150

    Vulnerability from variot - Updated: 2025-11-18 15:06

    Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_dmvpn function with the gre_ip and the gre_mask variables. Milesight Technology of ur32l An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Milesight UR32L is an industrial router produced by China Milesight

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202307-0150",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "ur32l",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "milesight",
            "version": "32.3.0.5"
          },
          {
            "model": "ur32l",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "milesight",
            "version": null
          },
          {
            "model": "ur32l",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "milesight",
            "version": "ur32l  firmware  32.3.0.5"
          },
          {
            "model": "ur32l",
            "scope": null,
            "trust": 0.8,
            "vendor": "milesight",
            "version": null
          },
          {
            "model": "ur32l",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "milesight",
            "version": "v32.3.0.5"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-64963"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-017237"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-25103"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Discovered by Francesco Benvenuto of Cisco Talos.",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-374"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2023-25103",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "MULTIPLE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 8.3,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 6.4,
                "id": "CNVD-2023-64963",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:M/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "talos-cna@cisco.com",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.2,
                "id": "CVE-2023-25103",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "trust": 2.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 7.2,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2023-25103",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "High",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "talos-cna@cisco.com",
                "id": "CVE-2023-25103",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2023-25103",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2023-25103",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2023-64963",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202307-374",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-64963"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-374"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-017237"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-25103"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-25103"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_dmvpn function with the gre_ip and the gre_mask variables. Milesight Technology of ur32l An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Milesight UR32L is an industrial router produced by China Milesight",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2023-25103"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-017237"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2023-64963"
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-25103"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2023-25103",
            "trust": 3.9
          },
          {
            "db": "TALOS",
            "id": "TALOS-2023-1716",
            "trust": 2.5
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-017237",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2023-64963",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-374",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-25103",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-64963"
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-25103"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-374"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-017237"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-25103"
          }
        ]
      },
      "id": "VAR-202307-0150",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-64963"
          }
        ],
        "trust": 1.1878378
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-64963"
          }
        ]
      },
      "last_update_date": "2025-11-18T15:06:03.962000Z",
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-121",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-787",
            "trust": 1.0
          },
          {
            "problemtype": "Out-of-bounds writing (CWE-787) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-017237"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-25103"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.1,
            "url": "https://talosintelligence.com/vulnerability_reports/talos-2023-1716"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-25103"
          },
          {
            "trust": 1.0,
            "url": "https://www.talosintelligence.com/vulnerability_reports/talos-2023-1716"
          },
          {
            "trust": 0.6,
            "url": "https://cxsecurity.com/cveshow/cve-2023-25103/"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/121.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-64963"
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-25103"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-374"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-017237"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-25103"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-64963"
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-25103"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-374"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-017237"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-25103"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-08-25T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2023-64963"
          },
          {
            "date": "2023-07-06T00:00:00",
            "db": "VULMON",
            "id": "CVE-2023-25103"
          },
          {
            "date": "2023-07-06T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202307-374"
          },
          {
            "date": "2024-01-05T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2023-017237"
          },
          {
            "date": "2023-07-06T15:15:14.060000",
            "db": "NVD",
            "id": "CVE-2023-25103"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-08-25T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2023-64963"
          },
          {
            "date": "2023-07-06T00:00:00",
            "db": "VULMON",
            "id": "CVE-2023-25103"
          },
          {
            "date": "2023-07-18T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202307-374"
          },
          {
            "date": "2024-01-05T08:13:00",
            "db": "JVNDB",
            "id": "JVNDB-2023-017237"
          },
          {
            "date": "2025-11-04T20:16:21.730000",
            "db": "NVD",
            "id": "CVE-2023-25103"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-374"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Milesight\u00a0Technology\u00a0 of \u00a0ur32l\u00a0 Out-of-bounds write vulnerability in firmware",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-017237"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "other",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-374"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202307-0161

    Vulnerability from variot - Updated: 2025-11-18 15:06

    Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_gre function with the local_virtual_ip and the local_virtual_mask variables. Milesight Technology of ur32l An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Milesight UR32L is a 4G industrial router produced by China Milesight

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202307-0161",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "ur32l",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "milesight",
            "version": "32.3.0.5"
          },
          {
            "model": "ur32l",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "milesight",
            "version": null
          },
          {
            "model": "ur32l",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "milesight",
            "version": "ur32l  firmware  32.3.0.5"
          },
          {
            "model": "ur32l",
            "scope": null,
            "trust": 0.8,
            "vendor": "milesight",
            "version": null
          },
          {
            "model": "ur32l",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "milesight",
            "version": "v32.3.0.5"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-65064"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-017234"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-25106"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Discovered by Francesco Benvenuto of Cisco Talos.",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-370"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2023-25106",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "MULTIPLE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 8.3,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 6.4,
                "id": "CNVD-2023-65064",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:M/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "talos-cna@cisco.com",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.2,
                "id": "CVE-2023-25106",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "trust": 2.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 7.2,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2023-25106",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "High",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "talos-cna@cisco.com",
                "id": "CVE-2023-25106",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2023-25106",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2023-25106",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2023-65064",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202307-370",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-65064"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-370"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-017234"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-25106"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-25106"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_gre function with the local_virtual_ip and the local_virtual_mask variables. Milesight Technology of ur32l An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Milesight UR32L is a 4G industrial router produced by China Milesight",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2023-25106"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-017234"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2023-65064"
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-25106"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2023-25106",
            "trust": 3.9
          },
          {
            "db": "TALOS",
            "id": "TALOS-2023-1716",
            "trust": 2.5
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-017234",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2023-65064",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-370",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-25106",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-65064"
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-25106"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-370"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-017234"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-25106"
          }
        ]
      },
      "id": "VAR-202307-0161",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-65064"
          }
        ],
        "trust": 1.1878378
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-65064"
          }
        ]
      },
      "last_update_date": "2025-11-18T15:06:03.932000Z",
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-121",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-787",
            "trust": 1.0
          },
          {
            "problemtype": "Out-of-bounds writing (CWE-787) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-017234"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-25106"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.1,
            "url": "https://talosintelligence.com/vulnerability_reports/talos-2023-1716"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-25106"
          },
          {
            "trust": 1.0,
            "url": "https://www.talosintelligence.com/vulnerability_reports/talos-2023-1716"
          },
          {
            "trust": 0.6,
            "url": "https://cxsecurity.com/cveshow/cve-2023-25106/"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/121.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-65064"
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-25106"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-370"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-017234"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-25106"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-65064"
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-25106"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-370"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-017234"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-25106"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-08-25T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2023-65064"
          },
          {
            "date": "2023-07-06T00:00:00",
            "db": "VULMON",
            "id": "CVE-2023-25106"
          },
          {
            "date": "2023-07-06T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202307-370"
          },
          {
            "date": "2024-01-05T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2023-017234"
          },
          {
            "date": "2023-07-06T15:15:14.267000",
            "db": "NVD",
            "id": "CVE-2023-25106"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-08-25T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2023-65064"
          },
          {
            "date": "2023-07-06T00:00:00",
            "db": "VULMON",
            "id": "CVE-2023-25106"
          },
          {
            "date": "2023-07-18T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202307-370"
          },
          {
            "date": "2024-01-05T08:13:00",
            "db": "JVNDB",
            "id": "JVNDB-2023-017234"
          },
          {
            "date": "2025-11-04T20:16:22.113000",
            "db": "NVD",
            "id": "CVE-2023-25106"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-370"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Milesight\u00a0Technology\u00a0 of \u00a0ur32l\u00a0 Out-of-bounds write vulnerability in firmware",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-017234"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "other",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-370"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202307-0133

    Vulnerability from variot - Updated: 2025-11-18 15:06

    Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_l2tp function with the key variable. Milesight Technology of ur32l An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Milesight UR32L is a 4G industrial router produced by China Milesight.

    There is a buffer overflow vulnerability in the Milesight UR32L set_l2tp function, which can be exploited by an attacker to overflow the buffer and execute arbitrary code on the system, or cause the application to crash

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202307-0133",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "ur32l",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "milesight",
            "version": "32.3.0.5"
          },
          {
            "model": "ur32l",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "milesight",
            "version": null
          },
          {
            "model": "ur32l",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "milesight",
            "version": "ur32l  firmware  32.3.0.5"
          },
          {
            "model": "ur32l",
            "scope": null,
            "trust": 0.8,
            "vendor": "milesight",
            "version": null
          },
          {
            "model": "ur32l",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "milesight",
            "version": "v32.3.0.5"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-65071"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-017227"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-25113"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Discovered by Francesco Benvenuto of Cisco Talos.",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-355"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2023-25113",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "MULTIPLE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 8.3,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 6.4,
                "id": "CNVD-2023-65071",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:M/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "talos-cna@cisco.com",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.2,
                "id": "CVE-2023-25113",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "trust": 2.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 7.2,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2023-25113",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "High",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "talos-cna@cisco.com",
                "id": "CVE-2023-25113",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2023-25113",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2023-25113",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2023-65071",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202307-355",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-65071"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-355"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-017227"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-25113"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-25113"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_l2tp function with the key variable. Milesight Technology of ur32l An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Milesight UR32L is a 4G industrial router produced by China Milesight. \n\r\n\r\nThere is a buffer overflow vulnerability in the Milesight UR32L set_l2tp function, which can be exploited by an attacker to overflow the buffer and execute arbitrary code on the system, or cause the application to crash",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2023-25113"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-017227"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2023-65071"
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-25113"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2023-25113",
            "trust": 3.9
          },
          {
            "db": "TALOS",
            "id": "TALOS-2023-1716",
            "trust": 2.5
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-017227",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2023-65071",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-355",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-25113",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-65071"
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-25113"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-355"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-017227"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-25113"
          }
        ]
      },
      "id": "VAR-202307-0133",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-65071"
          }
        ],
        "trust": 1.1878378
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-65071"
          }
        ]
      },
      "last_update_date": "2025-11-18T15:06:03.903000Z",
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-121",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-787",
            "trust": 1.0
          },
          {
            "problemtype": "Out-of-bounds writing (CWE-787) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-017227"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-25113"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.1,
            "url": "https://talosintelligence.com/vulnerability_reports/talos-2023-1716"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-25113"
          },
          {
            "trust": 1.0,
            "url": "https://www.talosintelligence.com/vulnerability_reports/talos-2023-1716"
          },
          {
            "trust": 0.6,
            "url": "https://cxsecurity.com/cveshow/cve-2023-25113/"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/121.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-65071"
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-25113"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-355"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-017227"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-25113"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-65071"
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-25113"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-355"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-017227"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-25113"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-07-11T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2023-65071"
          },
          {
            "date": "2023-07-06T00:00:00",
            "db": "VULMON",
            "id": "CVE-2023-25113"
          },
          {
            "date": "2023-07-06T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202307-355"
          },
          {
            "date": "2024-01-05T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2023-017227"
          },
          {
            "date": "2023-07-06T15:15:14.747000",
            "db": "NVD",
            "id": "CVE-2023-25113"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-08-25T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2023-65071"
          },
          {
            "date": "2023-07-06T00:00:00",
            "db": "VULMON",
            "id": "CVE-2023-25113"
          },
          {
            "date": "2023-07-18T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202307-355"
          },
          {
            "date": "2024-01-05T08:13:00",
            "db": "JVNDB",
            "id": "JVNDB-2023-017227"
          },
          {
            "date": "2025-11-04T20:16:22.970000",
            "db": "NVD",
            "id": "CVE-2023-25113"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-355"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Milesight\u00a0Technology\u00a0 of \u00a0ur32l\u00a0 Out-of-bounds write vulnerability in firmware",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-017227"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "other",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-355"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202307-0134

    Vulnerability from variot - Updated: 2025-11-18 15:06

    Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the firewall_handler_set function with the index and to_dst variables. Milesight Technology of ur32l An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Milesight UR32L is a 4G industrial router produced by China Milesight.

    There is a buffer overflow vulnerability in the Milesight UR32L firewall_handler_set function, which is caused by incorrect boundary check of the firewall_handler_set function. An authenticated remote attacker could exploit this vulnerability to overflow a buffer and execute arbitrary code on the system, or cause an application to crash

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202307-0134",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "ur32l",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "milesight",
            "version": "32.3.0.5"
          },
          {
            "model": "ur32l",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "milesight",
            "version": null
          },
          {
            "model": "ur32l",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "milesight",
            "version": "ur32l  firmware  32.3.0.5"
          },
          {
            "model": "ur32l",
            "scope": null,
            "trust": 0.8,
            "vendor": "milesight",
            "version": null
          },
          {
            "model": "ur32l",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "milesight",
            "version": "v32.3.0.5"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-55360"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-017255"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-25085"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Discovered by Francesco Benvenuto of Cisco Talos.",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-398"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2023-25085",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.0,
                "id": "CNVD-2023-55360",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "talos-cna@cisco.com",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.2,
                "id": "CVE-2023-25085",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "trust": 2.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 7.2,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2023-25085",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "High",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "talos-cna@cisco.com",
                "id": "CVE-2023-25085",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2023-25085",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2023-25085",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2023-55360",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202307-398",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-55360"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-398"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-017255"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-25085"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-25085"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the firewall_handler_set function with the index and to_dst variables. Milesight Technology of ur32l An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Milesight UR32L is a 4G industrial router produced by China Milesight. \n\r\n\r\nThere is a buffer overflow vulnerability in the Milesight UR32L firewall_handler_set function, which is caused by incorrect boundary check of the firewall_handler_set function. An authenticated remote attacker could exploit this vulnerability to overflow a buffer and execute arbitrary code on the system, or cause an application to crash",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2023-25085"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-017255"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2023-55360"
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-25085"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2023-25085",
            "trust": 3.9
          },
          {
            "db": "TALOS",
            "id": "TALOS-2023-1716",
            "trust": 2.5
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-017255",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2023-55360",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-398",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-25085",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-55360"
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-25085"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-398"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-017255"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-25085"
          }
        ]
      },
      "id": "VAR-202307-0134",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-55360"
          }
        ],
        "trust": 1.1878378
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-55360"
          }
        ]
      },
      "last_update_date": "2025-11-18T15:06:03.873000Z",
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-121",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-787",
            "trust": 1.0
          },
          {
            "problemtype": "Out-of-bounds writing (CWE-787) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-017255"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-25085"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.1,
            "url": "https://talosintelligence.com/vulnerability_reports/talos-2023-1716"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-25085"
          },
          {
            "trust": 1.0,
            "url": "https://www.talosintelligence.com/vulnerability_reports/talos-2023-1716"
          },
          {
            "trust": 0.6,
            "url": "https://cxsecurity.com/cveshow/cve-2023-25085/"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/121.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-55360"
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-25085"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-398"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-017255"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-25085"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-55360"
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-25085"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-398"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-017255"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-25085"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-07-11T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2023-55360"
          },
          {
            "date": "2023-07-06T00:00:00",
            "db": "VULMON",
            "id": "CVE-2023-25085"
          },
          {
            "date": "2023-07-06T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202307-398"
          },
          {
            "date": "2024-01-05T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2023-017255"
          },
          {
            "date": "2023-07-06T15:15:12.757000",
            "db": "NVD",
            "id": "CVE-2023-25085"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-07-11T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2023-55360"
          },
          {
            "date": "2023-07-06T00:00:00",
            "db": "VULMON",
            "id": "CVE-2023-25085"
          },
          {
            "date": "2023-07-18T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202307-398"
          },
          {
            "date": "2024-01-05T08:14:00",
            "db": "JVNDB",
            "id": "JVNDB-2023-017255"
          },
          {
            "date": "2025-11-04T20:16:19.560000",
            "db": "NVD",
            "id": "CVE-2023-25085"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-398"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Milesight\u00a0Technology\u00a0 of \u00a0ur32l\u00a0 Out-of-bounds write vulnerability in firmware",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-017255"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "other",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-398"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202307-0145

    Vulnerability from variot - Updated: 2025-11-18 15:06

    Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the firewall_handler_set function with the src and dmz variables. Milesight Technology of ur32l An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Milesight UR32L is a 4G industrial router produced by China Milesight.

    There is a buffer overflow vulnerability in the Milesight UR32L firewall_handler_set function, which can be exploited by an attacker to overflow the buffer and execute arbitrary code on the system, or cause the application to crash

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202307-0145",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "ur32l",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "milesight",
            "version": "32.3.0.5"
          },
          {
            "model": "ur32l",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "milesight",
            "version": null
          },
          {
            "model": "ur32l",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "milesight",
            "version": "ur32l  firmware  32.3.0.5"
          },
          {
            "model": "ur32l",
            "scope": null,
            "trust": 0.8,
            "vendor": "milesight",
            "version": null
          },
          {
            "model": "ur32l",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "milesight",
            "version": "v32.3.0.5"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-64937"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-017259"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-25081"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Discovered by Francesco Benvenuto of Cisco Talos.",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-404"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2023-25081",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "MULTIPLE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 8.3,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 6.4,
                "id": "CNVD-2023-64937",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:M/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "talos-cna@cisco.com",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.2,
                "id": "CVE-2023-25081",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "trust": 2.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 7.2,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2023-25081",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "High",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "talos-cna@cisco.com",
                "id": "CVE-2023-25081",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2023-25081",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2023-25081",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2023-64937",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202307-404",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-64937"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-404"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-017259"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-25081"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-25081"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the firewall_handler_set function with the src and dmz variables. Milesight Technology of ur32l An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Milesight UR32L is a 4G industrial router produced by China Milesight. \n\r\n\r\nThere is a buffer overflow vulnerability in the Milesight UR32L firewall_handler_set function, which can be exploited by an attacker to overflow the buffer and execute arbitrary code on the system, or cause the application to crash",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2023-25081"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-017259"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2023-64937"
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-25081"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2023-25081",
            "trust": 3.9
          },
          {
            "db": "TALOS",
            "id": "TALOS-2023-1716",
            "trust": 2.5
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-017259",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2023-64937",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-404",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-25081",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-64937"
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-25081"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-404"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-017259"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-25081"
          }
        ]
      },
      "id": "VAR-202307-0145",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-64937"
          }
        ],
        "trust": 1.1878378
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-64937"
          }
        ]
      },
      "last_update_date": "2025-11-18T15:06:03.843000Z",
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-121",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-787",
            "trust": 1.0
          },
          {
            "problemtype": "Out-of-bounds writing (CWE-787) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-017259"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-25081"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.1,
            "url": "https://talosintelligence.com/vulnerability_reports/talos-2023-1716"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-25081"
          },
          {
            "trust": 1.0,
            "url": "https://www.talosintelligence.com/vulnerability_reports/talos-2023-1716"
          },
          {
            "trust": 0.6,
            "url": "https://cxsecurity.com/cveshow/cve-2023-25081/"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/121.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-64937"
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-25081"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-404"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-017259"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-25081"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-64937"
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-25081"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-404"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-017259"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-25081"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-08-25T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2023-64937"
          },
          {
            "date": "2023-07-06T00:00:00",
            "db": "VULMON",
            "id": "CVE-2023-25081"
          },
          {
            "date": "2023-07-06T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202307-404"
          },
          {
            "date": "2024-01-05T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2023-017259"
          },
          {
            "date": "2023-07-06T15:15:12.470000",
            "db": "NVD",
            "id": "CVE-2023-25081"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-08-25T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2023-64937"
          },
          {
            "date": "2023-07-06T00:00:00",
            "db": "VULMON",
            "id": "CVE-2023-25081"
          },
          {
            "date": "2023-07-18T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202307-404"
          },
          {
            "date": "2024-01-05T08:14:00",
            "db": "JVNDB",
            "id": "JVNDB-2023-017259"
          },
          {
            "date": "2025-11-04T20:16:19",
            "db": "NVD",
            "id": "CVE-2023-25081"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-404"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Milesight\u00a0Technology\u00a0 of \u00a0ur32l\u00a0 Out-of-bounds write vulnerability in firmware",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-017259"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "other",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-404"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202307-0165

    Vulnerability from variot - Updated: 2025-11-18 15:06

    Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_gre function with the local_ip variable. Milesight Technology of ur32l An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Milesight UR32L is a 4G industrial router produced by China Milesight

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202307-0165",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "ur32l",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "milesight",
            "version": "32.3.0.5"
          },
          {
            "model": "ur32l",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "milesight",
            "version": null
          },
          {
            "model": "ur32l",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "milesight",
            "version": "ur32l  firmware  32.3.0.5"
          },
          {
            "model": "ur32l",
            "scope": null,
            "trust": 0.8,
            "vendor": "milesight",
            "version": null
          },
          {
            "model": "ur32l",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "milesight",
            "version": "v32.3.0.5"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-65063"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-017231"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-25109"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Discovered by Francesco Benvenuto of Cisco Talos.",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-363"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2023-25109",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "MULTIPLE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 8.3,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 6.4,
                "id": "CNVD-2023-65063",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:M/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "talos-cna@cisco.com",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.2,
                "id": "CVE-2023-25109",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "trust": 2.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 7.2,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2023-25109",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "High",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "talos-cna@cisco.com",
                "id": "CVE-2023-25109",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2023-25109",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2023-25109",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2023-65063",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202307-363",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-65063"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-363"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-017231"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-25109"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-25109"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_gre function with the local_ip variable. Milesight Technology of ur32l An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Milesight UR32L is a 4G industrial router produced by China Milesight",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2023-25109"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-017231"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2023-65063"
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-25109"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2023-25109",
            "trust": 3.9
          },
          {
            "db": "TALOS",
            "id": "TALOS-2023-1716",
            "trust": 2.5
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-017231",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2023-65063",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-363",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-25109",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-65063"
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-25109"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-363"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-017231"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-25109"
          }
        ]
      },
      "id": "VAR-202307-0165",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-65063"
          }
        ],
        "trust": 1.1878378
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-65063"
          }
        ]
      },
      "last_update_date": "2025-11-18T15:06:03.813000Z",
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-121",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-787",
            "trust": 1.0
          },
          {
            "problemtype": "Out-of-bounds writing (CWE-787) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-017231"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-25109"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.1,
            "url": "https://talosintelligence.com/vulnerability_reports/talos-2023-1716"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-25109"
          },
          {
            "trust": 1.0,
            "url": "https://www.talosintelligence.com/vulnerability_reports/talos-2023-1716"
          },
          {
            "trust": 0.6,
            "url": "https://cxsecurity.com/cveshow/cve-2023-25109/"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/121.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-65063"
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-25109"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-363"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-017231"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-25109"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-65063"
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-25109"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-363"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-017231"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-25109"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-08-25T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2023-65063"
          },
          {
            "date": "2023-07-06T00:00:00",
            "db": "VULMON",
            "id": "CVE-2023-25109"
          },
          {
            "date": "2023-07-06T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202307-363"
          },
          {
            "date": "2024-01-05T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2023-017231"
          },
          {
            "date": "2023-07-06T15:15:14.473000",
            "db": "NVD",
            "id": "CVE-2023-25109"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-08-25T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2023-65063"
          },
          {
            "date": "2023-07-06T00:00:00",
            "db": "VULMON",
            "id": "CVE-2023-25109"
          },
          {
            "date": "2023-07-18T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202307-363"
          },
          {
            "date": "2024-01-05T08:13:00",
            "db": "JVNDB",
            "id": "JVNDB-2023-017231"
          },
          {
            "date": "2025-11-04T20:16:22.480000",
            "db": "NVD",
            "id": "CVE-2023-25109"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-363"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Milesight\u00a0Technology\u00a0 of \u00a0ur32l\u00a0 Out-of-bounds write vulnerability in firmware",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-017231"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "other",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-363"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202307-0153

    Vulnerability from variot - Updated: 2025-11-18 15:06

    Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the handle_interface_acl function with the interface variable when in_acl is -1. Milesight Technology of ur32l An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Milesight UR32L is a 4G industrial router produced by China Milesight

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202307-0153",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "ur32l",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "milesight",
            "version": "32.3.0.5"
          },
          {
            "model": "ur32l",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "milesight",
            "version": null
          },
          {
            "model": "ur32l",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "milesight",
            "version": "ur32l  firmware  32.3.0.5"
          },
          {
            "model": "ur32l",
            "scope": null,
            "trust": 0.8,
            "vendor": "milesight",
            "version": null
          },
          {
            "model": "ur32l",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "milesight",
            "version": "v32.3.0.5"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-65483"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-017251"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-25089"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Discovered by Francesco Benvenuto of Cisco Talos.",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-394"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2023-25089",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "MULTIPLE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 8.3,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 6.4,
                "id": "CNVD-2023-65483",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:M/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "talos-cna@cisco.com",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.2,
                "id": "CVE-2023-25089",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "trust": 2.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 7.2,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2023-25089",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "High",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "talos-cna@cisco.com",
                "id": "CVE-2023-25089",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2023-25089",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2023-25089",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2023-65483",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202307-394",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-65483"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-394"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-017251"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-25089"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-25089"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the handle_interface_acl function with the interface variable when in_acl is -1. Milesight Technology of ur32l An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Milesight UR32L is a 4G industrial router produced by China Milesight",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2023-25089"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-017251"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2023-65483"
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-25089"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2023-25089",
            "trust": 3.9
          },
          {
            "db": "TALOS",
            "id": "TALOS-2023-1716",
            "trust": 2.5
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-017251",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2023-65483",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-394",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-25089",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-65483"
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-25089"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-394"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-017251"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-25089"
          }
        ]
      },
      "id": "VAR-202307-0153",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-65483"
          }
        ],
        "trust": 1.1878378
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-65483"
          }
        ]
      },
      "last_update_date": "2025-11-18T15:06:03.783000Z",
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-121",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-787",
            "trust": 1.0
          },
          {
            "problemtype": "Out-of-bounds writing (CWE-787) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-017251"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-25089"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.1,
            "url": "https://talosintelligence.com/vulnerability_reports/talos-2023-1716"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-25089"
          },
          {
            "trust": 1.0,
            "url": "https://www.talosintelligence.com/vulnerability_reports/talos-2023-1716"
          },
          {
            "trust": 0.6,
            "url": "https://cxsecurity.com/cveshow/cve-2023-25089/"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/121.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-65483"
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-25089"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-394"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-017251"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-25089"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-65483"
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-25089"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-394"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-017251"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-25089"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-08-30T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2023-65483"
          },
          {
            "date": "2023-07-06T00:00:00",
            "db": "VULMON",
            "id": "CVE-2023-25089"
          },
          {
            "date": "2023-07-06T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202307-394"
          },
          {
            "date": "2024-01-05T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2023-017251"
          },
          {
            "date": "2023-07-06T15:15:13.043000",
            "db": "NVD",
            "id": "CVE-2023-25089"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-08-29T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2023-65483"
          },
          {
            "date": "2023-07-06T00:00:00",
            "db": "VULMON",
            "id": "CVE-2023-25089"
          },
          {
            "date": "2023-07-18T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202307-394"
          },
          {
            "date": "2024-01-05T08:14:00",
            "db": "JVNDB",
            "id": "JVNDB-2023-017251"
          },
          {
            "date": "2025-11-04T20:16:20.067000",
            "db": "NVD",
            "id": "CVE-2023-25089"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-394"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Milesight\u00a0Technology\u00a0 of \u00a0ur32l\u00a0 Out-of-bounds write vulnerability in firmware",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-017251"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "other",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-394"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202307-0148

    Vulnerability from variot - Updated: 2025-11-18 15:06

    Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_qos function with the default_class variable. Milesight Technology of ur32l An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Milesight UR32L is an industrial router produced by China Milesight

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202307-0148",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "ur32l",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "milesight",
            "version": "32.3.0.5"
          },
          {
            "model": "ur32l",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "milesight",
            "version": null
          },
          {
            "model": "ur32l",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "milesight",
            "version": "ur32l  firmware  32.3.0.5"
          },
          {
            "model": "ur32l",
            "scope": null,
            "trust": 0.8,
            "vendor": "milesight",
            "version": null
          },
          {
            "model": "ur32l",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "milesight",
            "version": "v32.3.0.5"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-65098"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-017240"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-25100"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Discovered by Francesco Benvenuto of Cisco Talos.",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-379"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2023-25100",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "MULTIPLE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 8.3,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 6.4,
                "id": "CNVD-2023-65098",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:M/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "talos-cna@cisco.com",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.2,
                "id": "CVE-2023-25100",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "trust": 2.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 7.2,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2023-25100",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "High",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "talos-cna@cisco.com",
                "id": "CVE-2023-25100",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2023-25100",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2023-25100",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2023-65098",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202307-379",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-65098"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-379"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-017240"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-25100"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-25100"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_qos function with the default_class variable. Milesight Technology of ur32l An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Milesight UR32L is an industrial router produced by China Milesight",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2023-25100"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-017240"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2023-65098"
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-25100"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2023-25100",
            "trust": 3.9
          },
          {
            "db": "TALOS",
            "id": "TALOS-2023-1716",
            "trust": 2.5
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-017240",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2023-65098",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-379",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-25100",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-65098"
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-25100"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-379"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-017240"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-25100"
          }
        ]
      },
      "id": "VAR-202307-0148",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-65098"
          }
        ],
        "trust": 1.1878378
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-65098"
          }
        ]
      },
      "last_update_date": "2025-11-18T15:06:03.753000Z",
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-121",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-787",
            "trust": 1.0
          },
          {
            "problemtype": "Out-of-bounds writing (CWE-787) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-017240"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-25100"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.1,
            "url": "https://talosintelligence.com/vulnerability_reports/talos-2023-1716"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-25100"
          },
          {
            "trust": 1.0,
            "url": "https://www.talosintelligence.com/vulnerability_reports/talos-2023-1716"
          },
          {
            "trust": 0.6,
            "url": "https://cxsecurity.com/cveshow/cve-2023-25100/"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/121.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-65098"
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-25100"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-379"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-017240"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-25100"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-65098"
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-25100"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-379"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-017240"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-25100"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-07-11T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2023-65098"
          },
          {
            "date": "2023-07-06T00:00:00",
            "db": "VULMON",
            "id": "CVE-2023-25100"
          },
          {
            "date": "2023-07-06T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202307-379"
          },
          {
            "date": "2024-01-05T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2023-017240"
          },
          {
            "date": "2023-07-06T15:15:13.857000",
            "db": "NVD",
            "id": "CVE-2023-25100"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-08-25T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2023-65098"
          },
          {
            "date": "2023-07-06T00:00:00",
            "db": "VULMON",
            "id": "CVE-2023-25100"
          },
          {
            "date": "2023-07-18T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202307-379"
          },
          {
            "date": "2024-01-05T08:13:00",
            "db": "JVNDB",
            "id": "JVNDB-2023-017240"
          },
          {
            "date": "2025-11-04T20:16:21.367000",
            "db": "NVD",
            "id": "CVE-2023-25100"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-379"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Milesight\u00a0Technology\u00a0 of \u00a0ur32l\u00a0 Out-of-bounds write vulnerability in firmware",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-017240"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "other",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-379"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202307-0154

    Vulnerability from variot - Updated: 2025-11-18 15:06

    Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the firewall_handler_set function with the index and description variables. Milesight Technology of ur32l An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Milesight UR32L is a 4G industrial router produced by China Milesight.

    There is a buffer overflow vulnerability in the Milesight UR32L firewall_handler_set function, which is caused by incorrect boundary check of the firewall_handler_set function. An authenticated remote attacker could exploit this vulnerability to overflow a buffer and execute arbitrary code on the system, or cause an application to crash

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202307-0154",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "ur32l",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "milesight",
            "version": "32.3.0.5"
          },
          {
            "model": "ur32l",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "milesight",
            "version": null
          },
          {
            "model": "ur32l",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "milesight",
            "version": "ur32l  firmware  32.3.0.5"
          },
          {
            "model": "ur32l",
            "scope": null,
            "trust": 0.8,
            "vendor": "milesight",
            "version": null
          },
          {
            "model": "ur32l",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "milesight",
            "version": "v32.3.0.5"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-55357"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-017252"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-25088"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Discovered by Francesco Benvenuto of Cisco Talos.",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-399"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2023-25088",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.0,
                "id": "CNVD-2023-55357",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "talos-cna@cisco.com",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.2,
                "id": "CVE-2023-25088",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "trust": 2.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 7.2,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2023-25088",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "High",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "talos-cna@cisco.com",
                "id": "CVE-2023-25088",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2023-25088",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2023-25088",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2023-55357",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202307-399",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-55357"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-399"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-017252"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-25088"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-25088"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the firewall_handler_set function with the index and description variables. Milesight Technology of ur32l An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Milesight UR32L is a 4G industrial router produced by China Milesight. \n\r\n\r\nThere is a buffer overflow vulnerability in the Milesight UR32L firewall_handler_set function, which is caused by incorrect boundary check of the firewall_handler_set function. An authenticated remote attacker could exploit this vulnerability to overflow a buffer and execute arbitrary code on the system, or cause an application to crash",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2023-25088"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-017252"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2023-55357"
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-25088"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2023-25088",
            "trust": 3.9
          },
          {
            "db": "TALOS",
            "id": "TALOS-2023-1716",
            "trust": 2.5
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-017252",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2023-55357",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-399",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-25088",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-55357"
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-25088"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-399"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-017252"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-25088"
          }
        ]
      },
      "id": "VAR-202307-0154",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-55357"
          }
        ],
        "trust": 1.1878378
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-55357"
          }
        ]
      },
      "last_update_date": "2025-11-18T15:06:03.724000Z",
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-121",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-787",
            "trust": 1.0
          },
          {
            "problemtype": "Out-of-bounds writing (CWE-787) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-017252"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-25088"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.1,
            "url": "https://talosintelligence.com/vulnerability_reports/talos-2023-1716"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-25088"
          },
          {
            "trust": 1.0,
            "url": "https://www.talosintelligence.com/vulnerability_reports/talos-2023-1716"
          },
          {
            "trust": 0.6,
            "url": "https://cxsecurity.com/cveshow/cve-2023-25088/"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/121.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-55357"
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-25088"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-399"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-017252"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-25088"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-55357"
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-25088"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-399"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-017252"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-25088"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-07-11T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2023-55357"
          },
          {
            "date": "2023-07-06T00:00:00",
            "db": "VULMON",
            "id": "CVE-2023-25088"
          },
          {
            "date": "2023-07-06T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202307-399"
          },
          {
            "date": "2024-01-05T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2023-017252"
          },
          {
            "date": "2023-07-06T15:15:12.967000",
            "db": "NVD",
            "id": "CVE-2023-25088"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-07-11T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2023-55357"
          },
          {
            "date": "2023-07-06T00:00:00",
            "db": "VULMON",
            "id": "CVE-2023-25088"
          },
          {
            "date": "2023-07-18T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202307-399"
          },
          {
            "date": "2024-01-05T08:14:00",
            "db": "JVNDB",
            "id": "JVNDB-2023-017252"
          },
          {
            "date": "2025-11-04T20:16:19.917000",
            "db": "NVD",
            "id": "CVE-2023-25088"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-399"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Milesight\u00a0Technology\u00a0 of \u00a0ur32l\u00a0 Out-of-bounds write vulnerability in firmware",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-017252"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "other",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-399"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202307-0141

    Vulnerability from variot - Updated: 2025-11-18 15:06

    Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the firewall_handler_set function with the old_ip and old_mac variables. Milesight Technology of ur32l An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Milesight UR32L is an industrial router produced by China Milesight

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202307-0141",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "ur32l",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "milesight",
            "version": "32.3.0.5"
          },
          {
            "model": "ur32l",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "milesight",
            "version": null
          },
          {
            "model": "ur32l",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "milesight",
            "version": "ur32l  firmware  32.3.0.5"
          },
          {
            "model": "ur32l",
            "scope": null,
            "trust": 0.8,
            "vendor": "milesight",
            "version": null
          },
          {
            "model": "ur32l",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "milesight",
            "version": "v32.3.0.5"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-64886"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-017258"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-25082"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Discovered by Francesco Benvenuto of Cisco Talos.",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-375"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2023-25082",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "MULTIPLE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 8.3,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 6.4,
                "id": "CNVD-2023-64886",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:M/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "talos-cna@cisco.com",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.2,
                "id": "CVE-2023-25082",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "trust": 2.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 7.2,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2023-25082",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "High",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "talos-cna@cisco.com",
                "id": "CVE-2023-25082",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2023-25082",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2023-25082",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2023-64886",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202307-375",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-64886"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-375"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-017258"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-25082"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-25082"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the firewall_handler_set function with the old_ip and old_mac variables. Milesight Technology of ur32l An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Milesight UR32L is an industrial router produced by China Milesight",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2023-25082"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-017258"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2023-64886"
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-25082"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2023-25082",
            "trust": 3.9
          },
          {
            "db": "TALOS",
            "id": "TALOS-2023-1716",
            "trust": 2.5
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-017258",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2023-64886",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-375",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-25082",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-64886"
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-25082"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-375"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-017258"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-25082"
          }
        ]
      },
      "id": "VAR-202307-0141",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-64886"
          }
        ],
        "trust": 1.1878378
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-64886"
          }
        ]
      },
      "last_update_date": "2025-11-18T15:06:03.694000Z",
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-121",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-787",
            "trust": 1.0
          },
          {
            "problemtype": "Out-of-bounds writing (CWE-787) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-017258"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-25082"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.1,
            "url": "https://talosintelligence.com/vulnerability_reports/talos-2023-1716"
          },
          {
            "trust": 2.0,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-25082"
          },
          {
            "trust": 1.0,
            "url": "https://www.talosintelligence.com/vulnerability_reports/talos-2023-1716"
          },
          {
            "trust": 0.6,
            "url": "https://cxsecurity.com/cveshow/cve-2023-25082/"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/121.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-64886"
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-25082"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-375"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-017258"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-25082"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-64886"
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-25082"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-375"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-017258"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-25082"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-08-25T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2023-64886"
          },
          {
            "date": "2023-07-06T00:00:00",
            "db": "VULMON",
            "id": "CVE-2023-25082"
          },
          {
            "date": "2023-07-06T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202307-375"
          },
          {
            "date": "2024-01-05T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2023-017258"
          },
          {
            "date": "2023-07-06T15:15:12.540000",
            "db": "NVD",
            "id": "CVE-2023-25082"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-08-25T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2023-64886"
          },
          {
            "date": "2023-07-06T00:00:00",
            "db": "VULMON",
            "id": "CVE-2023-25082"
          },
          {
            "date": "2023-07-18T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202307-375"
          },
          {
            "date": "2024-01-05T08:14:00",
            "db": "JVNDB",
            "id": "JVNDB-2023-017258"
          },
          {
            "date": "2025-11-04T20:16:19.137000",
            "db": "NVD",
            "id": "CVE-2023-25082"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-375"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Milesight\u00a0Technology\u00a0 of \u00a0ur32l\u00a0 Out-of-bounds write vulnerability in firmware",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-017258"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "other",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-375"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202307-0169

    Vulnerability from variot - Updated: 2025-11-18 15:06

    Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_qos function with the source variable. Milesight Technology of ur32l An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Milesight UR32L is a 4G industrial router produced by China Milesight

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202307-0169",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "ur32l",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "milesight",
            "version": "32.3.0.5"
          },
          {
            "model": "ur32l",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "milesight",
            "version": null
          },
          {
            "model": "ur32l",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "milesight",
            "version": "ur32l  firmware  32.3.0.5"
          },
          {
            "model": "ur32l",
            "scope": null,
            "trust": 0.8,
            "vendor": "milesight",
            "version": null
          },
          {
            "model": "ur32l",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "milesight",
            "version": "v32.3.0.5"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-65126"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-017242"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-25098"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Discovered by Francesco Benvenuto of Cisco Talos.",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-381"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2023-25098",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "MULTIPLE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 8.3,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 6.4,
                "id": "CNVD-2023-65126",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:M/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "talos-cna@cisco.com",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.2,
                "id": "CVE-2023-25098",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "trust": 2.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 7.2,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2023-25098",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "High",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "talos-cna@cisco.com",
                "id": "CVE-2023-25098",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2023-25098",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2023-25098",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2023-65126",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202307-381",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-65126"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-381"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-017242"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-25098"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-25098"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_qos function with the source variable. Milesight Technology of ur32l An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Milesight UR32L is a 4G industrial router produced by China Milesight",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2023-25098"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-017242"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2023-65126"
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-25098"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2023-25098",
            "trust": 3.9
          },
          {
            "db": "TALOS",
            "id": "TALOS-2023-1716",
            "trust": 2.5
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-017242",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2023-65126",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-381",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-25098",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-65126"
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-25098"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-381"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-017242"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-25098"
          }
        ]
      },
      "id": "VAR-202307-0169",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-65126"
          }
        ],
        "trust": 1.1878378
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-65126"
          }
        ]
      },
      "last_update_date": "2025-11-18T15:06:03.664000Z",
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-121",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-787",
            "trust": 1.0
          },
          {
            "problemtype": "Out-of-bounds writing (CWE-787) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-017242"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-25098"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.1,
            "url": "https://talosintelligence.com/vulnerability_reports/talos-2023-1716"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-25098"
          },
          {
            "trust": 1.0,
            "url": "https://www.talosintelligence.com/vulnerability_reports/talos-2023-1716"
          },
          {
            "trust": 0.6,
            "url": "https://cxsecurity.com/cveshow/cve-2023-25098/"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/121.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-65126"
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-25098"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-381"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-017242"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-25098"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-65126"
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-25098"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-381"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-017242"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-25098"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-07-11T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2023-65126"
          },
          {
            "date": "2023-07-06T00:00:00",
            "db": "VULMON",
            "id": "CVE-2023-25098"
          },
          {
            "date": "2023-07-06T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202307-381"
          },
          {
            "date": "2024-01-05T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2023-017242"
          },
          {
            "date": "2023-07-06T15:15:13.707000",
            "db": "NVD",
            "id": "CVE-2023-25098"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-08-25T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2023-65126"
          },
          {
            "date": "2023-07-06T00:00:00",
            "db": "VULMON",
            "id": "CVE-2023-25098"
          },
          {
            "date": "2023-07-18T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202307-381"
          },
          {
            "date": "2024-01-05T08:13:00",
            "db": "JVNDB",
            "id": "JVNDB-2023-017242"
          },
          {
            "date": "2025-11-04T20:16:21.137000",
            "db": "NVD",
            "id": "CVE-2023-25098"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-381"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Milesight\u00a0Technology\u00a0 of \u00a0ur32l\u00a0 Out-of-bounds write vulnerability in firmware",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-017242"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "other",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-381"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202307-0158

    Vulnerability from variot - Updated: 2025-11-18 15:06

    Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_ike_profile function with the secrets_remote variable. Milesight Technology of ur32l An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Milesight UR32L is a 4G industrial router produced by China Milesight

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202307-0158",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "ur32l",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "milesight",
            "version": "32.3.0.5"
          },
          {
            "model": "ur32l",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "milesight",
            "version": null
          },
          {
            "model": "ur32l",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "milesight",
            "version": "ur32l  firmware  32.3.0.5"
          },
          {
            "model": "ur32l",
            "scope": null,
            "trust": 0.8,
            "vendor": "milesight",
            "version": null
          },
          {
            "model": "ur32l",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "milesight",
            "version": "v32.3.0.5"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-65069"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-017235"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-25105"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Discovered by Francesco Benvenuto of Cisco Talos.",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-371"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2023-25105",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "MULTIPLE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 8.3,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 6.4,
                "id": "CNVD-2023-65069",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:M/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "talos-cna@cisco.com",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.2,
                "id": "CVE-2023-25105",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "trust": 2.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 7.2,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2023-25105",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "High",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "talos-cna@cisco.com",
                "id": "CVE-2023-25105",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2023-25105",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2023-25105",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2023-65069",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202307-371",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-65069"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-371"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-017235"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-25105"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-25105"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_ike_profile function with the secrets_remote variable. Milesight Technology of ur32l An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Milesight UR32L is a 4G industrial router produced by China Milesight",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2023-25105"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-017235"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2023-65069"
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-25105"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2023-25105",
            "trust": 3.9
          },
          {
            "db": "TALOS",
            "id": "TALOS-2023-1716",
            "trust": 2.5
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-017235",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2023-65069",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-371",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-25105",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-65069"
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-25105"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-371"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-017235"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-25105"
          }
        ]
      },
      "id": "VAR-202307-0158",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-65069"
          }
        ],
        "trust": 1.1878378
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-65069"
          }
        ]
      },
      "last_update_date": "2025-11-18T15:06:03.635000Z",
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-121",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-787",
            "trust": 1.0
          },
          {
            "problemtype": "Out-of-bounds writing (CWE-787) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-017235"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-25105"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.1,
            "url": "https://talosintelligence.com/vulnerability_reports/talos-2023-1716"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-25105"
          },
          {
            "trust": 1.0,
            "url": "https://www.talosintelligence.com/vulnerability_reports/talos-2023-1716"
          },
          {
            "trust": 0.6,
            "url": "https://cxsecurity.com/cveshow/cve-2023-25105/"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/121.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-65069"
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-25105"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-371"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-017235"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-25105"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-65069"
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-25105"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-371"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-017235"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-25105"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-08-25T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2023-65069"
          },
          {
            "date": "2023-07-06T00:00:00",
            "db": "VULMON",
            "id": "CVE-2023-25105"
          },
          {
            "date": "2023-07-06T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202307-371"
          },
          {
            "date": "2024-01-05T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2023-017235"
          },
          {
            "date": "2023-07-06T15:15:14.197000",
            "db": "NVD",
            "id": "CVE-2023-25105"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-08-25T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2023-65069"
          },
          {
            "date": "2023-07-06T00:00:00",
            "db": "VULMON",
            "id": "CVE-2023-25105"
          },
          {
            "date": "2023-07-18T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202307-371"
          },
          {
            "date": "2024-01-05T08:13:00",
            "db": "JVNDB",
            "id": "JVNDB-2023-017235"
          },
          {
            "date": "2025-11-04T20:16:21.993000",
            "db": "NVD",
            "id": "CVE-2023-25105"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-371"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Milesight\u00a0Technology\u00a0 of \u00a0ur32l\u00a0 Out-of-bounds write vulnerability in firmware",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-017235"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "other",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-371"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202307-0135

    Vulnerability from variot - Updated: 2025-11-18 15:06

    Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_openvpn_client function with the local_virtual_ip and the local_virtual_mask variables. Milesight Technology of ur32l A stack-based buffer overflow vulnerability exists in the firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Milesight UR32L is a 4G industrial router produced by China Milesight

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202307-0135",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "ur32l",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "milesight",
            "version": "32.3.0.5"
          },
          {
            "model": "ur32l",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "milesight",
            "version": null
          },
          {
            "model": "ur32l",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "milesight",
            "version": "ur32l  firmware  32.3.0.5"
          },
          {
            "model": "ur32l",
            "scope": null,
            "trust": 0.8,
            "vendor": "milesight",
            "version": null
          },
          {
            "model": "ur32l",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "milesight",
            "version": "v32.3.0.5"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-65074"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-017223"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-25117"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Discovered by Francesco Benvenuto of Cisco Talos.",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-348"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2023-25117",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "MULTIPLE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 8.3,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 6.4,
                "id": "CNVD-2023-65074",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:M/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "talos-cna@cisco.com",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.2,
                "id": "CVE-2023-25117",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "trust": 2.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 7.2,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2023-25117",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "High",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "talos-cna@cisco.com",
                "id": "CVE-2023-25117",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2023-25117",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2023-25117",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2023-65074",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202307-348",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-65074"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-348"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-017223"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-25117"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-25117"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_openvpn_client function with the local_virtual_ip and the local_virtual_mask variables. Milesight Technology of ur32l A stack-based buffer overflow vulnerability exists in the firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Milesight UR32L is a 4G industrial router produced by China Milesight",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2023-25117"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-017223"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2023-65074"
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-25117"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2023-25117",
            "trust": 3.9
          },
          {
            "db": "TALOS",
            "id": "TALOS-2023-1716",
            "trust": 2.5
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-017223",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2023-65074",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-348",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-25117",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-65074"
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-25117"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-348"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-017223"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-25117"
          }
        ]
      },
      "id": "VAR-202307-0135",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-65074"
          }
        ],
        "trust": 1.1878378
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-65074"
          }
        ]
      },
      "last_update_date": "2025-11-18T15:06:03.605000Z",
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-121",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-787",
            "trust": 1.0
          },
          {
            "problemtype": "Stack-based buffer overflow (CWE-121) [ others ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-017223"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-25117"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.1,
            "url": "https://talosintelligence.com/vulnerability_reports/talos-2023-1716"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-25117"
          },
          {
            "trust": 1.0,
            "url": "https://www.talosintelligence.com/vulnerability_reports/talos-2023-1716"
          },
          {
            "trust": 0.6,
            "url": "https://cxsecurity.com/cveshow/cve-2023-25117/"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/121.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-65074"
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-25117"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-348"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-017223"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-25117"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-65074"
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-25117"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-348"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-017223"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-25117"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-08-25T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2023-65074"
          },
          {
            "date": "2023-07-06T00:00:00",
            "db": "VULMON",
            "id": "CVE-2023-25117"
          },
          {
            "date": "2023-07-06T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202307-348"
          },
          {
            "date": "2024-01-05T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2023-017223"
          },
          {
            "date": "2023-07-06T15:15:15.023000",
            "db": "NVD",
            "id": "CVE-2023-25117"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-08-25T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2023-65074"
          },
          {
            "date": "2023-07-06T00:00:00",
            "db": "VULMON",
            "id": "CVE-2023-25117"
          },
          {
            "date": "2023-07-18T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202307-348"
          },
          {
            "date": "2024-01-05T08:13:00",
            "db": "JVNDB",
            "id": "JVNDB-2023-017223"
          },
          {
            "date": "2025-11-04T20:16:23.437000",
            "db": "NVD",
            "id": "CVE-2023-25117"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-348"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Milesight\u00a0Technology\u00a0 of \u00a0ur32l\u00a0 Stack-based buffer overflow vulnerability in firmware",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-017223"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "buffer error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-348"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202307-0159

    Vulnerability from variot - Updated: 2025-11-18 15:06

    Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_ike_profile function with the username and the password variables. Milesight Technology of ur32l An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Milesight UR32L is an industrial router produced by China Milesight.

    There is a buffer overflow vulnerability in the Milesight UR32L set_ike_profile function, which can be exploited by an attacker to overflow the buffer and execute arbitrary code on the system, or cause the application to crash

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202307-0159",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "ur32l",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "milesight",
            "version": "32.3.0.5"
          },
          {
            "model": "ur32l",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "milesight",
            "version": null
          },
          {
            "model": "ur32l",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "milesight",
            "version": "ur32l  firmware  32.3.0.5"
          },
          {
            "model": "ur32l",
            "scope": null,
            "trust": 0.8,
            "vendor": "milesight",
            "version": null
          },
          {
            "model": "ur32l",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "milesight",
            "version": "v32.3.0.5"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-65070"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-017236"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-25104"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Discovered by Francesco Benvenuto of Cisco Talos.",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-372"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2023-25104",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "MULTIPLE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 8.3,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 6.4,
                "id": "CNVD-2023-65070",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:M/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "talos-cna@cisco.com",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.2,
                "id": "CVE-2023-25104",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "trust": 2.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 7.2,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2023-25104",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "High",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "talos-cna@cisco.com",
                "id": "CVE-2023-25104",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2023-25104",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2023-25104",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2023-65070",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202307-372",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-65070"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-372"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-017236"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-25104"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-25104"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_ike_profile function with the username and the password variables. Milesight Technology of ur32l An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Milesight UR32L is an industrial router produced by China Milesight. \n\r\n\r\nThere is a buffer overflow vulnerability in the Milesight UR32L set_ike_profile function, which can be exploited by an attacker to overflow the buffer and execute arbitrary code on the system, or cause the application to crash",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2023-25104"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-017236"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2023-65070"
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-25104"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2023-25104",
            "trust": 3.9
          },
          {
            "db": "TALOS",
            "id": "TALOS-2023-1716",
            "trust": 2.5
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-017236",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2023-65070",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-372",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-25104",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-65070"
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-25104"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-372"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-017236"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-25104"
          }
        ]
      },
      "id": "VAR-202307-0159",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-65070"
          }
        ],
        "trust": 1.1878378
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-65070"
          }
        ]
      },
      "last_update_date": "2025-11-18T15:06:03.575000Z",
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-121",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-787",
            "trust": 1.0
          },
          {
            "problemtype": "Out-of-bounds writing (CWE-787) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-017236"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-25104"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.1,
            "url": "https://talosintelligence.com/vulnerability_reports/talos-2023-1716"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-25104"
          },
          {
            "trust": 1.0,
            "url": "https://www.talosintelligence.com/vulnerability_reports/talos-2023-1716"
          },
          {
            "trust": 0.6,
            "url": "https://cxsecurity.com/cveshow/cve-2023-25104/"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/121.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-65070"
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-25104"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-372"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-017236"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-25104"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-65070"
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-25104"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-372"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-017236"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-25104"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-08-25T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2023-65070"
          },
          {
            "date": "2023-07-06T00:00:00",
            "db": "VULMON",
            "id": "CVE-2023-25104"
          },
          {
            "date": "2023-07-06T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202307-372"
          },
          {
            "date": "2024-01-05T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2023-017236"
          },
          {
            "date": "2023-07-06T15:15:14.127000",
            "db": "NVD",
            "id": "CVE-2023-25104"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-08-25T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2023-65070"
          },
          {
            "date": "2023-07-06T00:00:00",
            "db": "VULMON",
            "id": "CVE-2023-25104"
          },
          {
            "date": "2023-07-18T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202307-372"
          },
          {
            "date": "2024-01-05T08:13:00",
            "db": "JVNDB",
            "id": "JVNDB-2023-017236"
          },
          {
            "date": "2025-11-04T20:16:21.853000",
            "db": "NVD",
            "id": "CVE-2023-25104"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-372"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Milesight\u00a0Technology\u00a0 of \u00a0ur32l\u00a0 Out-of-bounds write vulnerability in firmware",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-017236"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "other",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-372"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202307-0166

    Vulnerability from variot - Updated: 2025-11-18 15:06

    Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_openvpn_client function with the expert_options variable. Milesight Technology of ur32l An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Milesight UR32L is a 4G industrial router produced by China Milesight

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202307-0166",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "ur32l",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "milesight",
            "version": "32.3.0.5"
          },
          {
            "model": "ur32l",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "milesight",
            "version": null
          },
          {
            "model": "ur32l",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "milesight",
            "version": "ur32l  firmware  32.3.0.5"
          },
          {
            "model": "ur32l",
            "scope": null,
            "trust": 0.8,
            "vendor": "milesight",
            "version": null
          },
          {
            "model": "ur32l",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "milesight",
            "version": "v32.3.0.5"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-65073"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-017226"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-25114"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Discovered by Francesco Benvenuto of Cisco Talos.",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-354"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2023-25114",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "MULTIPLE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 8.3,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 6.4,
                "id": "CNVD-2023-65073",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:M/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "talos-cna@cisco.com",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.2,
                "id": "CVE-2023-25114",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "trust": 2.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 7.2,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2023-25114",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "High",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "talos-cna@cisco.com",
                "id": "CVE-2023-25114",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2023-25114",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2023-25114",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2023-65073",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202307-354",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-65073"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-354"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-017226"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-25114"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-25114"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_openvpn_client function with the expert_options variable. Milesight Technology of ur32l An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Milesight UR32L is a 4G industrial router produced by China Milesight",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2023-25114"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-017226"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2023-65073"
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-25114"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2023-25114",
            "trust": 3.9
          },
          {
            "db": "TALOS",
            "id": "TALOS-2023-1716",
            "trust": 2.5
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-017226",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2023-65073",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-354",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-25114",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-65073"
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-25114"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-354"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-017226"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-25114"
          }
        ]
      },
      "id": "VAR-202307-0166",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-65073"
          }
        ],
        "trust": 1.1878378
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-65073"
          }
        ]
      },
      "last_update_date": "2025-11-18T15:06:03.546000Z",
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-121",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-787",
            "trust": 1.0
          },
          {
            "problemtype": "Out-of-bounds writing (CWE-787) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-017226"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-25114"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.1,
            "url": "https://talosintelligence.com/vulnerability_reports/talos-2023-1716"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-25114"
          },
          {
            "trust": 1.0,
            "url": "https://www.talosintelligence.com/vulnerability_reports/talos-2023-1716"
          },
          {
            "trust": 0.6,
            "url": "https://cxsecurity.com/cveshow/cve-2023-25114/"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/121.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-65073"
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-25114"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-354"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-017226"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-25114"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-65073"
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-25114"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-354"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-017226"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-25114"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-08-25T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2023-65073"
          },
          {
            "date": "2023-07-06T00:00:00",
            "db": "VULMON",
            "id": "CVE-2023-25114"
          },
          {
            "date": "2023-07-06T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202307-354"
          },
          {
            "date": "2024-01-05T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2023-017226"
          },
          {
            "date": "2023-07-06T15:15:14.817000",
            "db": "NVD",
            "id": "CVE-2023-25114"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-08-25T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2023-65073"
          },
          {
            "date": "2023-07-06T00:00:00",
            "db": "VULMON",
            "id": "CVE-2023-25114"
          },
          {
            "date": "2023-07-18T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202307-354"
          },
          {
            "date": "2024-01-05T08:13:00",
            "db": "JVNDB",
            "id": "JVNDB-2023-017226"
          },
          {
            "date": "2025-11-04T20:16:23.090000",
            "db": "NVD",
            "id": "CVE-2023-25114"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-354"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Milesight\u00a0Technology\u00a0 of \u00a0ur32l\u00a0 Out-of-bounds write vulnerability in firmware",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-017226"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "other",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-354"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202307-0138

    Vulnerability from variot - Updated: 2025-11-18 15:06

    Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_openvpn_client function with the old_remote_subnet and the old_remote_mask variables. Milesight Technology of ur32l A stack-based buffer overflow vulnerability exists in the firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Milesight UR32L is a 4G industrial router produced by China Milesight

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202307-0138",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "ur32l",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "milesight",
            "version": "32.3.0.5"
          },
          {
            "model": "ur32l",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "milesight",
            "version": null
          },
          {
            "model": "ur32l",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "milesight",
            "version": "ur32l  firmware  32.3.0.5"
          },
          {
            "model": "ur32l",
            "scope": null,
            "trust": 0.8,
            "vendor": "milesight",
            "version": null
          },
          {
            "model": "ur32l",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "milesight",
            "version": "v32.3.0.5"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-65076"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-017218"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-25122"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Discovered by Francesco Benvenuto of Cisco Talos.",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-339"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2023-25122",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "MULTIPLE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 8.3,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 6.4,
                "id": "CNVD-2023-65076",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:M/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "talos-cna@cisco.com",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.2,
                "id": "CVE-2023-25122",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "trust": 2.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 7.2,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2023-25122",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "High",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "talos-cna@cisco.com",
                "id": "CVE-2023-25122",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2023-25122",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2023-25122",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2023-65076",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202307-339",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-65076"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-339"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-017218"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-25122"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-25122"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_openvpn_client function with the old_remote_subnet and the old_remote_mask variables. Milesight Technology of ur32l A stack-based buffer overflow vulnerability exists in the firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Milesight UR32L is a 4G industrial router produced by China Milesight",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2023-25122"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-017218"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2023-65076"
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-25122"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2023-25122",
            "trust": 3.9
          },
          {
            "db": "TALOS",
            "id": "TALOS-2023-1716",
            "trust": 2.5
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-017218",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2023-65076",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-339",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-25122",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-65076"
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-25122"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-339"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-017218"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-25122"
          }
        ]
      },
      "id": "VAR-202307-0138",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-65076"
          }
        ],
        "trust": 1.1878378
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-65076"
          }
        ]
      },
      "last_update_date": "2025-11-18T15:06:03.516000Z",
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-121",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-787",
            "trust": 1.0
          },
          {
            "problemtype": "Stack-based buffer overflow (CWE-121) [ others ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-017218"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-25122"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.1,
            "url": "https://talosintelligence.com/vulnerability_reports/talos-2023-1716"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-25122"
          },
          {
            "trust": 1.0,
            "url": "https://www.talosintelligence.com/vulnerability_reports/talos-2023-1716"
          },
          {
            "trust": 0.6,
            "url": "https://cxsecurity.com/cveshow/cve-2023-25122/"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/121.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-65076"
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-25122"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-339"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-017218"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-25122"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-65076"
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-25122"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-339"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-017218"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-25122"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-08-25T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2023-65076"
          },
          {
            "date": "2023-07-06T00:00:00",
            "db": "VULMON",
            "id": "CVE-2023-25122"
          },
          {
            "date": "2023-07-06T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202307-339"
          },
          {
            "date": "2024-01-05T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2023-017218"
          },
          {
            "date": "2023-07-06T15:15:15.377000",
            "db": "NVD",
            "id": "CVE-2023-25122"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-08-25T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2023-65076"
          },
          {
            "date": "2023-07-06T00:00:00",
            "db": "VULMON",
            "id": "CVE-2023-25122"
          },
          {
            "date": "2023-07-18T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202307-339"
          },
          {
            "date": "2024-01-05T08:13:00",
            "db": "JVNDB",
            "id": "JVNDB-2023-017218"
          },
          {
            "date": "2025-11-04T20:16:24.033000",
            "db": "NVD",
            "id": "CVE-2023-25122"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-339"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Milesight\u00a0Technology\u00a0 of \u00a0ur32l\u00a0 Stack-based buffer overflow vulnerability in firmware",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-017218"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "buffer error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-339"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202307-0156

    Vulnerability from variot - Updated: 2025-11-18 15:06

    Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_qos function with the rule_name variable with two possible format strings that represent negated commands. Milesight Technology of ur32l A stack-based buffer overflow vulnerability exists in the firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Milesight UR32L is a 4G industrial router produced by China Milesight.

    There is a buffer overflow vulnerability in the Milesight UR32L set_qos function, which can be exploited by an attacker to overflow the buffer and execute arbitrary code on the system, or cause the application to crash

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202307-0156",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "ur32l",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "milesight",
            "version": "32.3.0.5"
          },
          {
            "model": "ur32l",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "milesight",
            "version": null
          },
          {
            "model": "ur32l",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "milesight",
            "version": "ur32l  firmware  32.3.0.5"
          },
          {
            "model": "ur32l",
            "scope": null,
            "trust": 0.8,
            "vendor": "milesight",
            "version": null
          },
          {
            "model": "ur32l",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "milesight",
            "version": "v32.3.0.5"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-65125"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-017245"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-25095"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Discovered by Francesco Benvenuto of Cisco Talos.",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-385"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2023-25095",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "MULTIPLE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 8.3,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 6.4,
                "id": "CNVD-2023-65125",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:M/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "talos-cna@cisco.com",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.2,
                "id": "CVE-2023-25095",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "trust": 2.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 7.2,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2023-25095",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "High",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "talos-cna@cisco.com",
                "id": "CVE-2023-25095",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2023-25095",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2023-25095",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2023-65125",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202307-385",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-65125"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-385"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-017245"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-25095"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-25095"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_qos function with the rule_name variable with two possible format strings that represent negated commands. Milesight Technology of ur32l A stack-based buffer overflow vulnerability exists in the firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Milesight UR32L is a 4G industrial router produced by China Milesight. \n\r\n\r\nThere is a buffer overflow vulnerability in the Milesight UR32L set_qos function, which can be exploited by an attacker to overflow the buffer and execute arbitrary code on the system, or cause the application to crash",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2023-25095"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-017245"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2023-65125"
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-25095"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2023-25095",
            "trust": 3.9
          },
          {
            "db": "TALOS",
            "id": "TALOS-2023-1716",
            "trust": 2.5
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-017245",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2023-65125",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-385",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-25095",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-65125"
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-25095"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-385"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-017245"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-25095"
          }
        ]
      },
      "id": "VAR-202307-0156",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-65125"
          }
        ],
        "trust": 1.1878378
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-65125"
          }
        ]
      },
      "last_update_date": "2025-11-18T15:06:03.486000Z",
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-121",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-787",
            "trust": 1.0
          },
          {
            "problemtype": "Stack-based buffer overflow (CWE-121) [ others ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-017245"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-25095"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.1,
            "url": "https://talosintelligence.com/vulnerability_reports/talos-2023-1716"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-25095"
          },
          {
            "trust": 1.0,
            "url": "https://www.talosintelligence.com/vulnerability_reports/talos-2023-1716"
          },
          {
            "trust": 0.6,
            "url": "https://cxsecurity.com/cveshow/cve-2023-25095/"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/121.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-65125"
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-25095"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-385"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-017245"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-25095"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-65125"
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-25095"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-385"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-017245"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-25095"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-07-11T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2023-65125"
          },
          {
            "date": "2023-07-06T00:00:00",
            "db": "VULMON",
            "id": "CVE-2023-25095"
          },
          {
            "date": "2023-07-06T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202307-385"
          },
          {
            "date": "2024-01-05T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2023-017245"
          },
          {
            "date": "2023-07-06T15:15:13.493000",
            "db": "NVD",
            "id": "CVE-2023-25095"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-08-25T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2023-65125"
          },
          {
            "date": "2023-07-06T00:00:00",
            "db": "VULMON",
            "id": "CVE-2023-25095"
          },
          {
            "date": "2023-07-18T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202307-385"
          },
          {
            "date": "2024-01-05T08:14:00",
            "db": "JVNDB",
            "id": "JVNDB-2023-017245"
          },
          {
            "date": "2025-11-04T20:16:20.783000",
            "db": "NVD",
            "id": "CVE-2023-25095"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-385"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Milesight\u00a0Technology\u00a0 of \u00a0ur32l\u00a0 Stack-based buffer overflow vulnerability in firmware",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-017245"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "buffer error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-385"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202307-0139

    Vulnerability from variot - Updated: 2025-11-18 15:06

    Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_openvpn_client function with the remote_subnet and the remote_mask variables. Milesight Technology of ur32l An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Milesight UR32L is a 4G industrial router produced by China Milesight

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202307-0139",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "ur32l",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "milesight",
            "version": "32.3.0.5"
          },
          {
            "model": "ur32l",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "milesight",
            "version": null
          },
          {
            "model": "ur32l",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "milesight",
            "version": "ur32l  firmware  32.3.0.5"
          },
          {
            "model": "ur32l",
            "scope": null,
            "trust": 0.8,
            "vendor": "milesight",
            "version": null
          },
          {
            "model": "ur32l",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "milesight",
            "version": "v32.3.0.5"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-65481"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-017216"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-25124"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Discovered by Francesco Benvenuto of Cisco Talos.",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-337"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2023-25124",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "MULTIPLE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 8.3,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 6.4,
                "id": "CNVD-2023-65481",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:M/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "talos-cna@cisco.com",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.2,
                "id": "CVE-2023-25124",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "trust": 2.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 7.2,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2023-25124",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "High",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "talos-cna@cisco.com",
                "id": "CVE-2023-25124",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2023-25124",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2023-25124",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2023-65481",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202307-337",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-65481"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-337"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-017216"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-25124"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-25124"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_openvpn_client function with the remote_subnet and the remote_mask variables. Milesight Technology of ur32l An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Milesight UR32L is a 4G industrial router produced by China Milesight",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2023-25124"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-017216"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2023-65481"
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-25124"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2023-25124",
            "trust": 3.9
          },
          {
            "db": "TALOS",
            "id": "TALOS-2023-1716",
            "trust": 2.5
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-017216",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2023-65481",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-337",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-25124",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-65481"
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-25124"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-337"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-017216"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-25124"
          }
        ]
      },
      "id": "VAR-202307-0139",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-65481"
          }
        ],
        "trust": 1.1878378
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-65481"
          }
        ]
      },
      "last_update_date": "2025-11-18T15:06:03.456000Z",
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-121",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-787",
            "trust": 1.0
          },
          {
            "problemtype": "Out-of-bounds writing (CWE-787) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-017216"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-25124"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.1,
            "url": "https://talosintelligence.com/vulnerability_reports/talos-2023-1716"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-25124"
          },
          {
            "trust": 1.0,
            "url": "https://www.talosintelligence.com/vulnerability_reports/talos-2023-1716"
          },
          {
            "trust": 0.6,
            "url": "https://cxsecurity.com/cveshow/cve-2023-25124/"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/121.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-65481"
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-25124"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-337"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-017216"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-25124"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-65481"
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-25124"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-337"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-017216"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-25124"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-08-30T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2023-65481"
          },
          {
            "date": "2023-07-06T00:00:00",
            "db": "VULMON",
            "id": "CVE-2023-25124"
          },
          {
            "date": "2023-07-06T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202307-337"
          },
          {
            "date": "2024-01-05T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2023-017216"
          },
          {
            "date": "2023-07-06T15:15:15.513000",
            "db": "NVD",
            "id": "CVE-2023-25124"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-08-29T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2023-65481"
          },
          {
            "date": "2023-07-06T00:00:00",
            "db": "VULMON",
            "id": "CVE-2023-25124"
          },
          {
            "date": "2023-07-18T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202307-337"
          },
          {
            "date": "2024-01-05T08:13:00",
            "db": "JVNDB",
            "id": "JVNDB-2023-017216"
          },
          {
            "date": "2025-11-04T20:16:24.283000",
            "db": "NVD",
            "id": "CVE-2023-25124"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-337"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Milesight\u00a0Technology\u00a0 of \u00a0ur32l\u00a0 Out-of-bounds write vulnerability in firmware",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-017216"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "other",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-337"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202307-0146

    Vulnerability from variot - Updated: 2025-11-18 15:06

    Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the firewall_handler_set function with the ip, mac and description variables. Milesight Technology of ur32l A stack-based buffer overflow vulnerability exists in the firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Milesight UR32L is a 4G industrial router produced by China Milesight.

    There is a buffer overflow vulnerability in the Milesight UR32L firewall_handler_set function, which can be exploited by an attacker to overflow the buffer and execute arbitrary code on the system, or cause the application to crash

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202307-0146",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "ur32l",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "milesight",
            "version": "32.3.0.5"
          },
          {
            "model": "ur32l",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "milesight",
            "version": null
          },
          {
            "model": "ur32l",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "milesight",
            "version": "ur32l  firmware  32.3.0.5"
          },
          {
            "model": "ur32l",
            "scope": null,
            "trust": 0.8,
            "vendor": "milesight",
            "version": null
          },
          {
            "model": "ur32l",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "milesight",
            "version": "v32.3.0.5"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-64885"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-017256"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-25084"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Discovered by Francesco Benvenuto of Cisco Talos.",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-401"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2023-25084",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "MULTIPLE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 8.3,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 6.4,
                "id": "CNVD-2023-64885",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:M/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "talos-cna@cisco.com",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.2,
                "id": "CVE-2023-25084",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "trust": 2.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 7.2,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2023-25084",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "High",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "talos-cna@cisco.com",
                "id": "CVE-2023-25084",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2023-25084",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2023-25084",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2023-64885",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202307-401",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-64885"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-401"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-017256"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-25084"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-25084"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the firewall_handler_set function with the ip, mac and description variables. Milesight Technology of ur32l A stack-based buffer overflow vulnerability exists in the firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Milesight UR32L is a 4G industrial router produced by China Milesight. \n\r\n\r\nThere is a buffer overflow vulnerability in the Milesight UR32L firewall_handler_set function, which can be exploited by an attacker to overflow the buffer and execute arbitrary code on the system, or cause the application to crash",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2023-25084"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-017256"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2023-64885"
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-25084"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2023-25084",
            "trust": 3.9
          },
          {
            "db": "TALOS",
            "id": "TALOS-2023-1716",
            "trust": 2.5
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-017256",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2023-64885",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-401",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-25084",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-64885"
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-25084"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-401"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-017256"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-25084"
          }
        ]
      },
      "id": "VAR-202307-0146",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-64885"
          }
        ],
        "trust": 1.1878378
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-64885"
          }
        ]
      },
      "last_update_date": "2025-11-18T15:06:03.426000Z",
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-121",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-787",
            "trust": 1.0
          },
          {
            "problemtype": "Stack-based buffer overflow (CWE-121) [ others ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-017256"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-25084"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.1,
            "url": "https://talosintelligence.com/vulnerability_reports/talos-2023-1716"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-25084"
          },
          {
            "trust": 1.0,
            "url": "https://www.talosintelligence.com/vulnerability_reports/talos-2023-1716"
          },
          {
            "trust": 0.6,
            "url": "https://cxsecurity.com/cveshow/cve-2023-25084/"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/121.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-64885"
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-25084"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-401"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-017256"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-25084"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-64885"
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-25084"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-401"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-017256"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-25084"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-08-25T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2023-64885"
          },
          {
            "date": "2023-07-06T00:00:00",
            "db": "VULMON",
            "id": "CVE-2023-25084"
          },
          {
            "date": "2023-07-06T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202307-401"
          },
          {
            "date": "2024-01-05T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2023-017256"
          },
          {
            "date": "2023-07-06T15:15:12.680000",
            "db": "NVD",
            "id": "CVE-2023-25084"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-08-25T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2023-64885"
          },
          {
            "date": "2023-07-06T00:00:00",
            "db": "VULMON",
            "id": "CVE-2023-25084"
          },
          {
            "date": "2023-07-18T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202307-401"
          },
          {
            "date": "2024-01-05T08:14:00",
            "db": "JVNDB",
            "id": "JVNDB-2023-017256"
          },
          {
            "date": "2025-11-04T20:16:19.450000",
            "db": "NVD",
            "id": "CVE-2023-25084"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-401"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Milesight\u00a0Technology\u00a0 of \u00a0ur32l\u00a0 Stack-based buffer overflow vulnerability in firmware",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-017256"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "buffer error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-401"
          }
        ],
        "trust": 0.6
      }
    }