CVE-2023-25119

CVSS 3.1 Score 7.2 of 10 (high)

Details

Published Jul 6, 2023
Updated: Aug 2, 2023
CWE ID 787
CWE ID 121

Summary

CVE-2023-25119 is a newly disclosed vulnerability affecting the vtysh_ubus binary in Milesight UR32L v32.3.0.5. The issue stems from the use of an unsafe sprintf function, which creates multiple buffer overflow conditions. A maliciously crafted HTTP request can exploit these vulnerabilities, leading to arbitrary code execution. An attacker with sufficient privileges can send such requests to trigger the buffer overflow in the set_pptp function, specifically in the remote_subnet and remote_mask variables.
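The overflow class described above, shown from the fixing side. This is an added example, not code from the vtysh_ubus binary or from Milesight: the function name build_pptp_cmd, the format string and the 64-byte buffer are assumptions, and only the field names remote_subnet and remote_mask come from the summary.

```c
#include <stdio.h>
#include <string.h>
#include <arpa/inet.h>

/* Hypothetical command template; the real format string is not on the page. */
#define PPTP_FMT "pptp remote-subnet %s %s"

/* Unsafe pattern (CWE-121), shown for contrast only: sprintf does not know
 * how large the destination is, so oversized request fields overrun it.
 *     char cmd[64]; sprintf(cmd, PPTP_FMT, remote_subnet, remote_mask);   */

/* Returns 1 if s is a dotted-quad IPv4 string, else 0. */
static int is_ipv4(const char *s)
{
    struct in_addr a;
    return s != NULL && strlen(s) < INET_ADDRSTRLEN &&
           inet_pton(AF_INET, s, &a) == 1;
}

/* Hardened builder: validate both fields, bound the write, reject truncation.
 * Returns 0 on success, -1 on invalid input, -2 if dst is too small. */
int build_pptp_cmd(char *dst, size_t dstlen,
                   const char *remote_subnet, const char *remote_mask)
{
    int n;
    if (dst == NULL || dstlen == 0)
        return -2;
    dst[0] = '\0';
    if (!is_ipv4(remote_subnet) || !is_ipv4(remote_mask))
        return -1;
    n = snprintf(dst, dstlen, PPTP_FMT, remote_subnet, remote_mask);
    if (n < 0 || (size_t)n >= dstlen) {   /* output would have been cut off */
        dst[0] = '\0';
        return -2;
    }
    return 0;
}

int main(void)
{
    char cmd[64], longfield[300];          /* constructed sample inputs */
    memset(longfield, 'A', sizeof longfield - 1);
    longfield[sizeof longfield - 1] = '\0';
    printf("%d\n", build_pptp_cmd(cmd, sizeof cmd, "192.168.10.0", "255.255.255.0"));
    printf("%d\n", build_pptp_cmd(cmd, sizeof cmd, longfield, "255.255.255.0"));
    return 0;
}
```

Validating the fields as addresses before formatting rejects oversized input outright, and the snprintf return check catches any case where the destination is still too small.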
