Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2021-33547

Summary
Assigner-CERTVDE
Assigner Org ID-270ccfa6-a436-4e77-922e-914ec3a9685c
Published At-13 Sep, 2021 | 17:55
Updated At-17 Sep, 2024 | 02:47
Rejected At-
Credits

UDP Technology/Geutebrück camera devices: Buffer overflow in profile parameter leading to RCE

Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to a stack-based buffer overflow condition in the profile parameter which may allow an attacker to remotely execute arbitrary code.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:CERTVDE
Assigner Org ID:270ccfa6-a436-4e77-922e-914ec3a9685c
Published At:13 Sep, 2021 | 17:55
Updated At:17 Sep, 2024 | 02:47
Rejected At:
▼CVE Numbering Authority (CNA)
UDP Technology/Geutebrück camera devices: Buffer overflow in profile parameter leading to RCE

Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to a stack-based buffer overflow condition in the profile parameter which may allow an attacker to remotely execute arbitrary code.

Affected Products
Vendor
Geutebrück
Product
E2 Series
Versions
Affected
  • EBC-21xx 1.12.13.2
  • EBC-21xx 1.12.14.5
  • EFD-22xx 1.12.13.2
  • EFD-22xx 1.12.14.5
  • ETHC-22xx 1.12.13.2
  • ETHC-22xx 1.12.14.5
  • EWPC-22xx 1.12.13.2
  • EWPC-22xx 1.12.14.5
  • From EBC-21xx through 1.12.0.27 (custom)
  • From EFD-22xx through 1.12.0.27 (custom)
  • From ETHC-22xx through 1.12.0.27 (custom)
  • From EWPC-22xx through 1.12.0.27 (custom)
Vendor
Geutebrück
Product
Encoder G-Code
Versions
Affected
  • EEC-2xx 1.12.13.2
  • EEC-2xx 1.12.14.5
  • EEN-20xx 1.12.13.2
  • EEN-20xx 1.12.14.5
  • From EEC-2xx through 1.12.0.27 (custom)
  • From EEN-20xx through 1.12.0.27 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-121CWE-121 Stack-based Buffer Overflow
Type: CWE
CWE ID: CWE-121
Description: CWE-121 Stack-based Buffer Overflow
Metrics
VersionBase scoreBase severityVector
3.17.2HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Version: 3.1
Base score: 7.2
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Titouan Lazard and Ibrahim Ayadhi from RandoriSec reported these vulnerabilities.
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/
x_refsource_CONFIRM
https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03
x_refsource_CONFIRM
Hyperlink: https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/
Resource:
x_refsource_CONFIRM
Hyperlink: https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03
Resource:
x_refsource_CONFIRM
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/
x_refsource_CONFIRM
x_transferred
https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03
x_refsource_CONFIRM
x_transferred
Hyperlink: https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03
Resource:
x_refsource_CONFIRM
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:info@cert.vde.com
Published At:13 Sep, 2021 | 18:15
Updated At:27 Sep, 2021 | 14:30

Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to a stack-based buffer overflow condition in the profile parameter which may allow an attacker to remotely execute arbitrary code.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.2HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Secondary3.17.2HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Primary2.06.5MEDIUM
AV:N/AC:L/Au:S/C:P/I:P/A:P
Type: Primary
Version: 3.1
Base score: 7.2
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 7.2
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 2.0
Base score: 6.5
Base severity: MEDIUM
Vector:
AV:N/AC:L/Au:S/C:P/I:P/A:P
CPE Matches
geutebrueck
geutebrueck
>>g-cam_ebc-2110_firmware>>Versions up to 1.12.0.27(inclusive)
cpe:2.3:o:geutebrueck:g-cam_ebc-2110_firmware:*:*:*:*:*:*:*:*
geutebrueck
geutebrueck
>>g-cam_ebc-2110_firmware>>1.12.13.2
cpe:2.3:o:geutebrueck:g-cam_ebc-2110_firmware:1.12.13.2:*:*:*:*:*:*:*
geutebrueck
geutebrueck
>>g-cam_ebc-2110_firmware>>1.12.14.5
cpe:2.3:o:geutebrueck:g-cam_ebc-2110_firmware:1.12.14.5:*:*:*:*:*:*:*
geutebrueck
geutebrueck
>>g-cam_ebc-2110>>*
cpe:2.3:h:geutebrueck:g-cam_ebc-2110:*:*:*:*:*:*:*:*
geutebrueck
geutebrueck
>>g-cam_ebc-2111_firmware>>Versions up to 1.12.0.27(inclusive)
cpe:2.3:o:geutebrueck:g-cam_ebc-2111_firmware:*:*:*:*:*:*:*:*
geutebrueck
geutebrueck
>>g-cam_ebc-2111_firmware>>1.12.13.2
cpe:2.3:o:geutebrueck:g-cam_ebc-2111_firmware:1.12.13.2:*:*:*:*:*:*:*
geutebrueck
geutebrueck
>>g-cam_ebc-2111_firmware>>1.12.14.5
cpe:2.3:o:geutebrueck:g-cam_ebc-2111_firmware:1.12.14.5:*:*:*:*:*:*:*
geutebrueck
geutebrueck
>>g-cam_ebc-2111>>*
cpe:2.3:h:geutebrueck:g-cam_ebc-2111:*:*:*:*:*:*:*:*
geutebrueck
geutebrueck
>>g-cam_efd-2241_firmware>>Versions up to 1.12.0.27(inclusive)
cpe:2.3:o:geutebrueck:g-cam_efd-2241_firmware:*:*:*:*:*:*:*:*
geutebrueck
geutebrueck
>>g-cam_efd-2241_firmware>>1.12.13.2
cpe:2.3:o:geutebrueck:g-cam_efd-2241_firmware:1.12.13.2:*:*:*:*:*:*:*
geutebrueck
geutebrueck
>>g-cam_efd-2241_firmware>>1.12.14.5
cpe:2.3:o:geutebrueck:g-cam_efd-2241_firmware:1.12.14.5:*:*:*:*:*:*:*
geutebrueck
geutebrueck
>>g-cam_efd-2241>>*
cpe:2.3:h:geutebrueck:g-cam_efd-2241:*:*:*:*:*:*:*:*
geutebrueck
geutebrueck
>>g-cam_efd-2250_firmware>>Versions up to 1.12.0.27(inclusive)
cpe:2.3:o:geutebrueck:g-cam_efd-2250_firmware:*:*:*:*:*:*:*:*
geutebrueck
geutebrueck
>>g-cam_efd-2250_firmware>>1.12.13.2
cpe:2.3:o:geutebrueck:g-cam_efd-2250_firmware:1.12.13.2:*:*:*:*:*:*:*
geutebrueck
geutebrueck
>>g-cam_efd-2250_firmware>>1.12.14.5
cpe:2.3:o:geutebrueck:g-cam_efd-2250_firmware:1.12.14.5:*:*:*:*:*:*:*
geutebrueck
geutebrueck
>>g-cam_efd-2250>>*
cpe:2.3:h:geutebrueck:g-cam_efd-2250:*:*:*:*:*:*:*:*
geutebrueck
geutebrueck
>>g-cam_ethc-2230_firmware>>Versions up to 1.12.0.27(inclusive)
cpe:2.3:o:geutebrueck:g-cam_ethc-2230_firmware:*:*:*:*:*:*:*:*
geutebrueck
geutebrueck
>>g-cam_ethc-2230_firmware>>1.12.13.2
cpe:2.3:o:geutebrueck:g-cam_ethc-2230_firmware:1.12.13.2:*:*:*:*:*:*:*
geutebrueck
geutebrueck
>>g-cam_ethc-2230_firmware>>1.12.14.5
cpe:2.3:o:geutebrueck:g-cam_ethc-2230_firmware:1.12.14.5:*:*:*:*:*:*:*
geutebrueck
geutebrueck
>>g-cam_ethc-2230>>*
cpe:2.3:h:geutebrueck:g-cam_ethc-2230:*:*:*:*:*:*:*:*
geutebrueck
geutebrueck
>>g-cam_ethc-2239_firmware>>Versions up to 1.12.0.27(inclusive)
cpe:2.3:o:geutebrueck:g-cam_ethc-2239_firmware:*:*:*:*:*:*:*:*
geutebrueck
geutebrueck
>>g-cam_ethc-2239_firmware>>1.12.13.2
cpe:2.3:o:geutebrueck:g-cam_ethc-2239_firmware:1.12.13.2:*:*:*:*:*:*:*
geutebrueck
geutebrueck
>>g-cam_ethc-2239_firmware>>1.12.14.5
cpe:2.3:o:geutebrueck:g-cam_ethc-2239_firmware:1.12.14.5:*:*:*:*:*:*:*
geutebrueck
geutebrueck
>>g-cam_ethc-2239>>*
cpe:2.3:h:geutebrueck:g-cam_ethc-2239:*:*:*:*:*:*:*:*
geutebrueck
geutebrueck
>>g-cam_ethc-2240_firmware>>Versions up to 1.12.0.27(inclusive)
cpe:2.3:o:geutebrueck:g-cam_ethc-2240_firmware:*:*:*:*:*:*:*:*
geutebrueck
geutebrueck
>>g-cam_ethc-2240_firmware>>1.12.13.2
cpe:2.3:o:geutebrueck:g-cam_ethc-2240_firmware:1.12.13.2:*:*:*:*:*:*:*
geutebrueck
geutebrueck
>>g-cam_ethc-2240_firmware>>1.12.14.5
cpe:2.3:o:geutebrueck:g-cam_ethc-2240_firmware:1.12.14.5:*:*:*:*:*:*:*
geutebrueck
geutebrueck
>>g-cam_ethc-2240>>*
cpe:2.3:h:geutebrueck:g-cam_ethc-2240:*:*:*:*:*:*:*:*
geutebrueck
geutebrueck
>>g-cam_ethc-2249_firmware>>Versions up to 1.12.0.27(inclusive)
cpe:2.3:o:geutebrueck:g-cam_ethc-2249_firmware:*:*:*:*:*:*:*:*
geutebrueck
geutebrueck
>>g-cam_ethc-2249_firmware>>1.12.13.2
cpe:2.3:o:geutebrueck:g-cam_ethc-2249_firmware:1.12.13.2:*:*:*:*:*:*:*
geutebrueck
geutebrueck
>>g-cam_ethc-2249_firmware>>1.12.14.5
cpe:2.3:o:geutebrueck:g-cam_ethc-2249_firmware:1.12.14.5:*:*:*:*:*:*:*
geutebrueck
geutebrueck
>>g-cam_ethc-2249>>*
cpe:2.3:h:geutebrueck:g-cam_ethc-2249:*:*:*:*:*:*:*:*
geutebrueck
geutebrueck
>>g-cam_ewpc-2270_firmware>>Versions up to 1.12.0.27(inclusive)
cpe:2.3:o:geutebrueck:g-cam_ewpc-2270_firmware:*:*:*:*:*:*:*:*
geutebrueck
geutebrueck
>>g-cam_ewpc-2270_firmware>>1.12.13.2
cpe:2.3:o:geutebrueck:g-cam_ewpc-2270_firmware:1.12.13.2:*:*:*:*:*:*:*
geutebrueck
geutebrueck
>>g-cam_ewpc-2270_firmware>>1.12.14.5
cpe:2.3:o:geutebrueck:g-cam_ewpc-2270_firmware:1.12.14.5:*:*:*:*:*:*:*
geutebrueck
geutebrueck
>>g-cam_ewpc-2270>>*
cpe:2.3:h:geutebrueck:g-cam_ewpc-2270:*:*:*:*:*:*:*:*
geutebrueck
geutebrueck
>>g-code_eec-2400_firmware>>Versions up to 1.12.0.27(inclusive)
cpe:2.3:o:geutebrueck:g-code_eec-2400_firmware:*:*:*:*:*:*:*:*
geutebrueck
geutebrueck
>>g-code_eec-2400_firmware>>1.12.13.2
cpe:2.3:o:geutebrueck:g-code_eec-2400_firmware:1.12.13.2:*:*:*:*:*:*:*
geutebrueck
geutebrueck
>>g-code_eec-2400_firmware>>1.12.14.5
cpe:2.3:o:geutebrueck:g-code_eec-2400_firmware:1.12.14.5:*:*:*:*:*:*:*
geutebrueck
geutebrueck
>>g-code_eec-2400>>*
cpe:2.3:h:geutebrueck:g-code_eec-2400:*:*:*:*:*:*:*:*
geutebrueck
geutebrueck
>>g-code_een-2010_firmware>>Versions up to 1.12.0.27(inclusive)
cpe:2.3:o:geutebrueck:g-code_een-2010_firmware:*:*:*:*:*:*:*:*
geutebrueck
geutebrueck
>>g-code_een-2010_firmware>>1.12.13.2
cpe:2.3:o:geutebrueck:g-code_een-2010_firmware:1.12.13.2:*:*:*:*:*:*:*
geutebrueck
geutebrueck
>>g-code_een-2010_firmware>>1.12.14.5
cpe:2.3:o:geutebrueck:g-code_een-2010_firmware:1.12.14.5:*:*:*:*:*:*:*
geutebrueck
geutebrueck
>>g-code_een-2010>>*
cpe:2.3:h:geutebrueck:g-code_een-2010:*:*:*:*:*:*:*:*
geutebrueck
geutebrueck
>>g-code_een-2040_firmware>>Versions up to 1.12.0.27(inclusive)
cpe:2.3:o:geutebrueck:g-code_een-2040_firmware:*:*:*:*:*:*:*:*
geutebrueck
geutebrueck
>>g-code_een-2040_firmware>>1.12.13.2
cpe:2.3:o:geutebrueck:g-code_een-2040_firmware:1.12.13.2:*:*:*:*:*:*:*
geutebrueck
geutebrueck
>>g-code_een-2040_firmware>>1.12.14.5
cpe:2.3:o:geutebrueck:g-code_een-2040_firmware:1.12.14.5:*:*:*:*:*:*:*
geutebrueck
geutebrueck
>>g-code_een-2040>>*
cpe:2.3:h:geutebrueck:g-code_een-2040:*:*:*:*:*:*:*:*
geutebrueck
geutebrueck
>>g-cam_ebc-2112_firmware>>Versions up to 1.12.0.27(inclusive)
cpe:2.3:o:geutebrueck:g-cam_ebc-2112_firmware:*:*:*:*:*:*:*:*
geutebrueck
geutebrueck
>>g-cam_ebc-2112_firmware>>1.12.13.2
cpe:2.3:o:geutebrueck:g-cam_ebc-2112_firmware:1.12.13.2:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-121Primaryinfo@cert.vde.com
CWE ID: CWE-121
Type: Primary
Source: info@cert.vde.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03info@cert.vde.com
Third Party Advisory
US Government Resource
https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/info@cert.vde.com
Exploit
Third Party Advisory
Hyperlink: https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03
Source: info@cert.vde.com
Resource:
Third Party Advisory
US Government Resource
Hyperlink: https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/
Source: info@cert.vde.com
Resource:
Exploit
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

264Records found
CVE-2023-49910
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-7.2||HIGH
EPSS-0.47% / 63.50%
||
7 Day CHG-0.04%
Published-09 Apr, 2024 | 14:12
Updated-21 Aug, 2025 | 18:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.This vulnerability refers specifically to the overflow that occurs via the `ssid` parameter at offset `0x42247c` of the `httpd` binary shipped with v5.0.4 Build 20220216 of the EAP115.

Action-Not Available
Vendor-TP-Link Systems Inc.
Product-eap225eap115_firmwareeap225_firmwareeap115N300 Wireless Access Point (EAP115)AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3)ac1350_firmwaren300_firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-49906
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-7.2||HIGH
EPSS-0.47% / 63.50%
||
7 Day CHG-0.04%
Published-09 Apr, 2024 | 14:12
Updated-21 Aug, 2025 | 17:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.This vulnerability refers specifically to the overflow that occurs via the `ssid` parameter at offset `0x0045ab7c` of the `httpd_portal` binary shipped with v5.1.0 Build 20220926 of the EAP225.

Action-Not Available
Vendor-TP-Link Systems Inc.
Product-eap225eap225_firmwareN300 Wireless Access Point (EAP115)AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3)ac1350_firmwaren300_firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-49867
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-7.2||HIGH
EPSS-4.14% / 88.19%
||
7 Day CHG~0.00%
Published-08 Jul, 2024 | 15:22
Updated-02 Aug, 2024 | 22:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A stack-based buffer overflow vulnerability exists in the boa formWsc functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can send a series of HTTP requests to trigger this vulnerability.

Action-Not Available
Vendor-level1LevelOnelevel_oneRealtek Semiconductor Corp.
Product-wbr-6013_firmwarewbr-6013rtl819x_jungle_software_development_kitWBR-6013rtl819x Jungle SDKrtl819x_software_development_kitwbr6013
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-7603
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-8.6||HIGH
EPSS-0.22% / 44.96%
||
7 Day CHG+0.10%
Published-14 Jul, 2025 | 12:14
Updated-15 Jul, 2025 | 13:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
D-Link DI-8100 HTTP Request jingx.asp stack-based overflow

A vulnerability was found in D-Link DI-8100 16.07.26A1. It has been classified as critical. Affected is an unknown function of the file /jingx.asp of the component HTTP Request Handler. The manipulation leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-D-Link Corporation
Product-DI-8100
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2023-49908
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-7.2||HIGH
EPSS-0.47% / 63.50%
||
7 Day CHG-0.04%
Published-09 Apr, 2024 | 14:12
Updated-21 Aug, 2025 | 17:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.This vulnerability refers specifically to the overflow that occurs via the `profile` parameter at offset `0x0045abc8` of the `httpd_portal` binary shipped with v5.1.0 Build 20220926 of the EAP225.

Action-Not Available
Vendor-TP-Link Systems Inc.
Product-eap225eap225_firmwareN300 Wireless Access Point (EAP115)AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3)ac1350_firmwaren300_firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-49911
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-7.2||HIGH
EPSS-0.47% / 63.50%
||
7 Day CHG-0.04%
Published-09 Apr, 2024 | 14:12
Updated-21 Aug, 2025 | 18:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.This vulnerability refers specifically to the overflow that occurs via the `band` parameter at offset `0x422420` of the `httpd` binary shipped with v5.0.4 Build 20220216 of the EAP115.

Action-Not Available
Vendor-TP-Link Systems Inc.
Product-eap225eap115_firmwareeap225_firmwareeap115N300 Wireless Access Point (EAP115)AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3)ac1350_firmwaren300_firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-50244
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-7.2||HIGH
EPSS-5.34% / 89.67%
||
7 Day CHG~0.00%
Published-08 Jul, 2024 | 15:22
Updated-02 Aug, 2024 | 22:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Two stack-based buffer overflow vulnerabilities exist in the boa formIpQoS functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can send a series of HTTP requests to trigger these vulnerabilities.This stack-based buffer overflow is related to the `entry_name` request's parameter.

Action-Not Available
Vendor-LevelOnelevel_oneRealtek Semiconductor Corp.
Product-WBR-6013rtl819x Jungle SDKrtl819x_software_development_kitwbr6013
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2023-49909
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-7.2||HIGH
EPSS-0.47% / 63.50%
||
7 Day CHG-0.04%
Published-09 Apr, 2024 | 14:12
Updated-21 Aug, 2025 | 18:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.This vulnerability refers specifically to the overflow that occurs via the `action` parameter at offset `0x0045ab38` of the `httpd_portal` binary shipped with v5.1.0 Build 20220926 of the EAP225.

Action-Not Available
Vendor-TP-Link Systems Inc.
Product-eap225eap225_firmwareN300 Wireless Access Point (EAP115)AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3)ac1350_firmwaren300_firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-49912
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-7.2||HIGH
EPSS-0.47% / 63.50%
||
7 Day CHG-0.04%
Published-09 Apr, 2024 | 14:12
Updated-21 Aug, 2025 | 18:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.This vulnerability refers specifically to the overflow that occurs via the `profile` parameter at offset `0x4224b0` of the `httpd` binary shipped with v5.0.4 Build 20220216 of the EAP115.

Action-Not Available
Vendor-TP-Link Systems Inc.
Product-eap225eap115_firmwareeap225_firmwareeap115N300 Wireless Access Point (EAP115)AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3)ac1350_firmwaren300_firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-6322
Matching Score-4
Assigner-Bitdefender
ShareView Details
Matching Score-4
Assigner-Bitdefender
CVSS Score-7.2||HIGH
EPSS-0.29% / 51.84%
||
7 Day CHG~0.00%
Published-15 May, 2024 | 12:08
Updated-11 Feb, 2025 | 21:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Stack-based buffer overflow in message parser functionality

A stack-based buffer overflow vulnerability exists in the message parsing functionality of the Roku Indoor Camera SE version 3.0.2.4679 and Wyze Cam v3 version 4.36.11.5859. A specially crafted message can lead to stack-based buffer overflow. An attacker can make authenticated requests to trigger this vulnerability.

Action-Not Available
Vendor-wyzerokuthroughtekRokuWyzewyzeroku
Product-indoor_camera_se_firmwarecam_v3_firmwareindoor_camera_sekalay_platformcam_v3Indoor Camera SECam v3cam_v3indoor_camera_se
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-49073
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-7.2||HIGH
EPSS-0.29% / 51.71%
||
7 Day CHG~0.00%
Published-08 Jul, 2024 | 15:22
Updated-02 Aug, 2024 | 21:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A stack-based buffer overflow vulnerability exists in the boa formFilter functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of HTTP requests can lead to arbitrary code execution. An attacker can send a sequence of requests to trigger this vulnerability.

Action-Not Available
Vendor-LevelOnelevel_oneRealtek Semiconductor Corp.
Product-WBR-6013rtl819x Jungle SDKrtl819x_software_development_kitwbr6013
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2023-49913
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-7.2||HIGH
EPSS-0.47% / 63.50%
||
7 Day CHG-0.04%
Published-09 Apr, 2024 | 14:12
Updated-21 Aug, 2025 | 18:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.This vulnerability refers specifically to the overflow that occurs via the `action` parameter at offset `0x422448` of the `httpd` binary shipped with v5.0.4 Build 20220216 of the EAP115.

Action-Not Available
Vendor-TP-Link Systems Inc.
Product-eap225eap115_firmwareeap225_firmwareeap115N300 Wireless Access Point (EAP115)AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3)ac1350_firmwaren300_firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-49595
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-7.2||HIGH
EPSS-0.29% / 51.71%
||
7 Day CHG~0.00%
Published-08 Jul, 2024 | 15:22
Updated-02 Aug, 2024 | 22:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A stack-based buffer overflow vulnerability exists in the boa rollback_control_code functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of network requests can lead to arbitrary code execution. An attacker can send a sequence of requests to trigger this vulnerability.

Action-Not Available
Vendor-level1LevelOnelevel_oneRealtek Semiconductor Corp.
Product-wbr-6013_firmwarewbr-6013rtl819x_jungle_software_development_kitWBR-6013rtl819x Jungle SDKrtl819x_software_development_kitwbr6013
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-7213
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.08% / 25.12%
||
7 Day CHG~0.00%
Published-07 Jan, 2024 | 19:00
Updated-17 Jun, 2025 | 20:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Totolink N350RT HTTP POST Request main stack-based overflow

A vulnerability classified as critical was found in Totolink N350RT 9.3.5u.6139_B20201216. Affected by this vulnerability is the function main of the file /cgi-bin/cstecgi.cgi?action=login&flag=1 of the component HTTP POST Request Handler. The manipulation of the argument v33 leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249769 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-TOTOLINK
Product-n350rt_firmwaren350rtN350RT
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-2923
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.10% / 27.70%
||
7 Day CHG~0.00%
Published-27 May, 2023 | 07:31
Updated-02 Aug, 2024 | 06:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tenda AC6 fromDhcpListClient stack-based overflow

A vulnerability classified as critical was found in Tenda AC6 US_AC6V1.0BR_V15.03.05.19. Affected by this vulnerability is the function fromDhcpListClient. The manipulation leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-230077 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-Tenda Technology Co., Ltd.
Product-ac6_firmwareac6AC6
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-28703
Matching Score-4
Assigner-TWCERT/CC
ShareView Details
Matching Score-4
Assigner-TWCERT/CC
CVSS Score-7.2||HIGH
EPSS-0.37% / 58.11%
||
7 Day CHG~0.00%
Published-02 Jun, 2023 | 00:00
Updated-08 Jan, 2025 | 20:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ASUS RT-AC86U - Buffer Overflow

ASUS RT-AC86U’s specific cgi function has a stack-based buffer overflow vulnerability due to insufficient validation for network packet header length. A remote attacker with administrator privileges can exploit this vulnerability to execute arbitrary system commands, disrupt system or terminate service.

Action-Not Available
Vendor-ASUS (ASUSTeK Computer Inc.)
Product-rt-ac86u_firmwarert-ac86uRT-AC86U
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2025-7602
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-8.6||HIGH
EPSS-0.22% / 44.96%
||
7 Day CHG+0.10%
Published-14 Jul, 2025 | 12:02
Updated-15 Jul, 2025 | 13:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
D-Link DI-8100 HTTP Request arp_sys.asp stack-based overflow

A vulnerability was found in D-Link DI-8100 16.07.26A1 and classified as critical. This issue affects some unknown processing of the file /arp_sys.asp of the component HTTP Request Handler. The manipulation leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-D-Link Corporation
Product-DI-8100
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2023-25111
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-7.2||HIGH
EPSS-0.10% / 28.16%
||
7 Day CHG~0.00%
Published-06 Jul, 2023 | 14:53
Updated-14 Nov, 2024 | 16:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_gre function with the key variable.

Action-Not Available
Vendor-Milesight
Product-ur32l_firmwareur32lUR32Lur32l
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-25094
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-7.2||HIGH
EPSS-0.10% / 28.16%
||
7 Day CHG~0.00%
Published-06 Jul, 2023 | 14:53
Updated-14 Nov, 2024 | 20:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the into_class_node function with either the class_name or old_class_name variable.

Action-Not Available
Vendor-Milesight
Product-ur32l_firmwareur32lUR32Lur32l
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-25124
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-7.2||HIGH
EPSS-0.10% / 28.16%
||
7 Day CHG~0.00%
Published-06 Jul, 2023 | 14:53
Updated-19 Nov, 2024 | 16:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_openvpn_client function with the remote_subnet and the remote_mask variables.

Action-Not Available
Vendor-Milesight
Product-ur32l_firmwareur32lUR32Lur32l
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-25101
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-7.2||HIGH
EPSS-0.10% / 28.16%
||
7 Day CHG~0.00%
Published-06 Jul, 2023 | 14:53
Updated-18 Nov, 2024 | 20:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_dmvpn function with the gre_key variable.

Action-Not Available
Vendor-Milesight
Product-ur32l_firmwareur32lUR32Lur32l
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-25087
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-7.2||HIGH
EPSS-0.10% / 28.16%
||
7 Day CHG~0.00%
Published-06 Jul, 2023 | 14:53
Updated-15 Nov, 2024 | 17:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the firewall_handler_set function with the index and to_dport variables.

Action-Not Available
Vendor-Milesight
Product-ur32l_firmwareur32lUR32Lur32l
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-25113
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-7.2||HIGH
EPSS-0.09% / 26.27%
||
7 Day CHG~0.00%
Published-06 Jul, 2023 | 14:53
Updated-14 Nov, 2024 | 16:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_l2tp function with the key variable.

Action-Not Available
Vendor-Milesight
Product-ur32l_firmwareur32lUR32Lur32l
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-25107
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-7.2||HIGH
EPSS-0.10% / 28.16%
||
7 Day CHG~0.00%
Published-06 Jul, 2023 | 14:53
Updated-14 Nov, 2024 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_gre function with the remote_subnet and the remote_mask variables.

Action-Not Available
Vendor-Milesight
Product-ur32l_firmwareur32lUR32Lur32l
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-25123
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-7.2||HIGH
EPSS-0.10% / 28.16%
||
7 Day CHG~0.00%
Published-06 Jul, 2023 | 14:53
Updated-18 Nov, 2024 | 20:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_openvpn_client function with the remote_subnet and the remote_mask variables when action is 2.

Action-Not Available
Vendor-Milesight
Product-ur32l_firmwareur32lUR32Lur32l
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-25095
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-7.2||HIGH
EPSS-0.10% / 28.16%
||
7 Day CHG~0.00%
Published-06 Jul, 2023 | 14:53
Updated-14 Nov, 2024 | 19:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_qos function with the rule_name variable with two possible format strings that represent negated commands.

Action-Not Available
Vendor-Milesight
Product-ur32l_firmwareur32lUR32Lur32l
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-25085
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-7.2||HIGH
EPSS-0.06% / 19.36%
||
7 Day CHG~0.00%
Published-06 Jul, 2023 | 14:53
Updated-14 Nov, 2024 | 20:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the firewall_handler_set function with the index and to_dst variables.

Action-Not Available
Vendor-Milesight
Product-ur32l_firmwareur32lUR32Lur32l
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-25098
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-7.2||HIGH
EPSS-0.10% / 28.16%
||
7 Day CHG~0.00%
Published-06 Jul, 2023 | 14:53
Updated-15 Nov, 2024 | 17:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_qos function with the source variable.

Action-Not Available
Vendor-Milesight
Product-ur32l_firmwareur32lUR32Lur32l
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-25116
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-7.2||HIGH
EPSS-0.09% / 26.27%
||
7 Day CHG~0.00%
Published-06 Jul, 2023 | 14:53
Updated-14 Nov, 2024 | 14:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_openvpn_client function with the local_virtual_ip and the remote_virtual_ip variables.

Action-Not Available
Vendor-Milesight
Product-ur32l_firmwareur32lUR32Lur32l
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-25086
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-7.2||HIGH
EPSS-0.06% / 19.36%
||
7 Day CHG~0.00%
Published-06 Jul, 2023 | 14:53
Updated-15 Nov, 2024 | 17:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the firewall_handler_set function with the index and dport variables.

Action-Not Available
Vendor-Milesight
Product-ur32l_firmwareur32lUR32Lur32l
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-25082
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-7.2||HIGH
EPSS-0.06% / 19.36%
||
7 Day CHG~0.00%
Published-06 Jul, 2023 | 14:53
Updated-15 Nov, 2024 | 17:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the firewall_handler_set function with the old_ip and old_mac variables.

Action-Not Available
Vendor-Milesight
Product-ur32l_firmwareur32lUR32Lur32l
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-25099
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-7.2||HIGH
EPSS-0.09% / 26.27%
||
7 Day CHG~0.00%
Published-06 Jul, 2023 | 14:53
Updated-19 Nov, 2024 | 16:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_qos function with the dest variable.

Action-Not Available
Vendor-Milesight
Product-ur32l_firmwareur32lUR32Lur32l
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-25090
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-7.2||HIGH
EPSS-0.10% / 28.16%
||
7 Day CHG~0.00%
Published-06 Jul, 2023 | 14:53
Updated-14 Nov, 2024 | 20:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the handle_interface_acl function with the interface and in_acl variables.

Action-Not Available
Vendor-Milesight
Product-ur32l_firmwareur32lUR32Lur32l
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-25096
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-7.2||HIGH
EPSS-0.10% / 28.16%
||
7 Day CHG~0.00%
Published-06 Jul, 2023 | 14:53
Updated-14 Nov, 2024 | 19:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_qos function with the rule_name variable with two possible format strings.

Action-Not Available
Vendor-Milesight
Product-ur32l_firmwareur32lUR32Lur32l
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-25083
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-7.2||HIGH
EPSS-0.06% / 19.36%
||
7 Day CHG~0.00%
Published-06 Jul, 2023 | 14:53
Updated-14 Nov, 2024 | 20:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the firewall_handler_set function with the ip and mac variables.

Action-Not Available
Vendor-Milesight
Product-ur32l_firmwareur32lUR32Lur32l
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-25092
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-7.2||HIGH
EPSS-0.10% / 28.16%
||
7 Day CHG~0.00%
Published-06 Jul, 2023 | 14:53
Updated-14 Nov, 2024 | 20:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the handle_interface_acl function with the interface and out_acl variables.

Action-Not Available
Vendor-Milesight
Product-ur32l_firmwareur32lUR32Lur32l
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-25105
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-7.2||HIGH
EPSS-0.09% / 26.27%
||
7 Day CHG~0.00%
Published-06 Jul, 2023 | 14:53
Updated-14 Nov, 2024 | 16:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_ike_profile function with the secrets_remote variable.

Action-Not Available
Vendor-Milesight
Product-ur32l_firmwareur32lUR32Lur32l
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-25112
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-7.2||HIGH
EPSS-0.09% / 26.27%
||
7 Day CHG~0.00%
Published-06 Jul, 2023 | 14:53
Updated-18 Nov, 2024 | 20:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_l2tp function with the remote_subnet and the remote_mask variables.

Action-Not Available
Vendor-Milesight
Product-ur32l_firmwareur32lUR32Lur32l
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-25110
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-7.2||HIGH
EPSS-0.10% / 28.16%
||
7 Day CHG~0.00%
Published-06 Jul, 2023 | 14:53
Updated-14 Nov, 2024 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_gre function with the remote_virtual_ip variable.

Action-Not Available
Vendor-Milesight
Product-ur32l_firmwareur32lUR32Lur32l
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-25109
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-7.2||HIGH
EPSS-0.10% / 28.16%
||
7 Day CHG~0.00%
Published-06 Jul, 2023 | 14:53
Updated-14 Nov, 2024 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_gre function with the local_ip variable.

Action-Not Available
Vendor-Milesight
Product-ur32l_firmwareur32lUR32Lur32l
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-25115
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-7.2||HIGH
EPSS-0.09% / 26.27%
||
7 Day CHG~0.00%
Published-06 Jul, 2023 | 14:53
Updated-14 Nov, 2024 | 14:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_openvpn_client function with the remote_ip and the port variables.

Action-Not Available
Vendor-Milesight
Product-ur32l_firmwareur32lUR32Lur32l
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-25118
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-7.2||HIGH
EPSS-0.10% / 28.16%
||
7 Day CHG~0.00%
Published-06 Jul, 2023 | 14:53
Updated-14 Nov, 2024 | 14:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_openvpn_client function with the username and the password variables.

Action-Not Available
Vendor-Milesight
Product-ur32l_firmwareur32lUR32Lur32l
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-25091
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-7.2||HIGH
EPSS-0.10% / 28.16%
||
7 Day CHG~0.00%
Published-06 Jul, 2023 | 14:53
Updated-14 Nov, 2024 | 20:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the handle_interface_acl function with the interface variable when out_acl is -1.

Action-Not Available
Vendor-Milesight
Product-ur32l_firmwareur32lUR32Lur32l
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-25104
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-7.2||HIGH
EPSS-0.09% / 26.27%
||
7 Day CHG~0.00%
Published-06 Jul, 2023 | 14:53
Updated-14 Nov, 2024 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_ike_profile function with the username and the password variables.

Action-Not Available
Vendor-Milesight
Product-ur32l_firmwareur32lUR32Lur32l
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-25081
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-7.2||HIGH
EPSS-0.06% / 19.36%
||
7 Day CHG~0.00%
Published-06 Jul, 2023 | 14:53
Updated-15 Nov, 2024 | 17:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the firewall_handler_set function with the src and dmz variables.

Action-Not Available
Vendor-Milesight
Product-ur32l_firmwareur32lUR32Lur32l
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-25102
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-7.2||HIGH
EPSS-0.10% / 28.16%
||
7 Day CHG~0.00%
Published-06 Jul, 2023 | 14:53
Updated-14 Nov, 2024 | 16:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_dmvpn function with the hub_ip and the hub_gre_ip variables.

Action-Not Available
Vendor-Milesight
Product-ur32l_firmwareur32lUR32Lur32l
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-25108
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-7.2||HIGH
EPSS-0.10% / 28.16%
||
7 Day CHG~0.00%
Published-06 Jul, 2023 | 14:53
Updated-14 Nov, 2024 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_gre function with the remote_ip variable.

Action-Not Available
Vendor-Milesight
Product-ur32l_firmwareur32lUR32Lur32l
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-25122
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-7.2||HIGH
EPSS-0.10% / 28.16%
||
7 Day CHG~0.00%
Published-06 Jul, 2023 | 14:53
Updated-14 Nov, 2024 | 14:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_openvpn_client function with the old_remote_subnet and the old_remote_mask variables.

Action-Not Available
Vendor-Milesight
Product-ur32l_firmwareur32lUR32Lur32l
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-25093
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-7.2||HIGH
EPSS-0.10% / 28.16%
||
7 Day CHG~0.00%
Published-06 Jul, 2023 | 14:53
Updated-14 Nov, 2024 | 20:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_qos function with the class_name variable..

Action-Not Available
Vendor-Milesight
Product-ur32l_firmwareur32lUR32Lur32l
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-25114
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-7.2||HIGH
EPSS-0.10% / 28.16%
||
7 Day CHG~0.00%
Published-06 Jul, 2023 | 14:53
Updated-14 Nov, 2024 | 14:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_openvpn_client function with the expert_options variable.

Action-Not Available
Vendor-Milesight
Product-ur32l_firmwareur32lUR32Lur32l
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • Next
Details not found