A vulnerability was found in Milesight UR32L 32.3.0.5 and classified as critical. Affected by this issue is the function set_gre of the file vtysh_ubus of the component HTTP Request Handler. The manipulation of the argument local_virtual_ip/local_virtual_mask with an unknown input leads to a buffer overflow vulnerability. Using CWE to declare the problem leads to CWE-120. The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow. Impacted is confidentiality, integrity, and availability. CVE summarizes:

Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_gre function with the local_virtual_ip and the local_virtual_mask variables.

The weakness was shared 07/06/2023 as TALOS-2023-1716. The advisory is shared for download at talosintelligence.com. This vulnerability is handled as CVE-2023-25106 since 02/02/2023. Technical details as well as a public exploit are known.

The exploit is available at talosintelligence.com. It is declared as proof-of-concept.

There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.

The entries VDB-233195, VDB-233197, VDB-233198 and VDB-233199 are related to this item.

Productinfo

Vendor

• Milesight

Name

• UR32L

Version

• 32.3.0.5

License

• commercial

CPE 2.3info

• 🔒

CPE 2.2info

• 🔒

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion