Ur32l firmware
This hub aggregates every CVE we track for Ur32l firmware, a product in the ics ot iot space. Use it to gauge the current risk picture and drill into individual advisories.
66
CVEs tracked
1
Critical
62
High
0
In CISA KEV
Severity distribution
HIGH62MEDIUM3CRITICAL1
Monthly trend
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
2024-072026-06
Latest CVEs
The 15 most recently published vulnerabilities affecting Ur32l firmware.
- CVE-2023-47166A firmware update vulnerability exists in the luci2-io file-import functionality of Milesight UR32L v32.3.0.7-r2. A specially crafted network request can lead to arbitrary firmware update. An attac...8.8
- CVE-2023-43260Milesight UR5X, UR32L, UR32, UR35, UR41 before v35.3.0.7 was discovered to contain a cross-site scripting (XSS) vulnerability via the admin panel.6.1
- CVE-2023-43261An information disclosure in Milesight UR5X, UR32L, UR32, UR35, UR41 before v35.3.0.7 allows attackers to access sensitive router components.7.5
- CVE-2023-23550An OS command injection vulnerability exists in the ys_thirdparty user_delete functionality of Milesight UR32L v32.3.0.5. A specially crafted network packet can lead to command execution. An attack...7.2
- CVE-2023-23547A directory traversal vulnerability exists in the luci2-io file-export mib functionality of Milesight UR32L v32.3.0.5. A specially crafted network request can lead to arbitrary file read. An attack...6.5
- CVE-2023-23571An access violation vulnerability exists in the eventcore functionality of Milesight UR32L v32.3.0.5. A specially crafted network request can lead to denial of service. An attacker can send a netwo...7.5
- CVE-2023-23902A buffer overflow vulnerability exists in the uhttpd login functionality of Milesight UR32L v32.3.0.5. A specially crafted network request can lead to remote code execution. An attacker can send a ...9.8
- CVE-2023-22306An OS command injection vulnerability exists in the libzebra.so bridge_group functionality of Milesight UR32L v32.3.0.5. A specially crafted network packet can lead to command execution. An attacke...7.2
- CVE-2023-22659An os command injection vulnerability exists in the libzebra.so change_hostname functionality of Milesight UR32L v32.3.0.5. A specially-crafted network packets can lead to command execution. An att...7.2
- CVE-2023-24519Two OS command injection vulnerability exist in the vtysh_ubus toolsh_excute.constprop.1 functionality of Milesight UR32L v32.3.0.5. A specially-crafted network request can lead to command executio...8.8
- CVE-2023-23546A misconfiguration vulnerability exists in the urvpn_client functionality of Milesight UR32L v32.3.0.5. A specially-crafted man-in-the-middle attack can lead to increased privileges. An attacker ca...4.2
- CVE-2023-24520Two OS command injection vulnerability exist in the vtysh_ubus toolsh_excute.constprop.1 functionality of Milesight UR32L v32.3.0.5. A specially-crafted network request can lead to command executio...8.8
- CVE-2023-24582Two OS command injection vulnerabilities exist in the urvpn_client cmd_name_action functionality of Milesight UR32L v32.3.0.5. A specially crafted network request can lead to arbitrary command exec...8.8
- CVE-2023-24583Two OS command injection vulnerabilities exist in the urvpn_client cmd_name_action functionality of Milesight UR32L v32.3.0.5. A specially crafted network request can lead to arbitrary command exec...8.8
- CVE-2023-22365An OS command injection vulnerability exists in the ys_thirdparty check_system_user functionality of Milesight UR32L v32.3.0.5. A specially crafted set of network packets can lead to command execut...7.2
Product normalization is registry-driven with AI assist and human review. How it works