Vulnerability Details CVE-2023-22653
An OS command injection vulnerability exists in the vtysh_ubus tcpdump_start_cb functionality of Milesight UR32L v32.3.0.5. A specially crafted HTTP request can lead to command execution. An authenticated attacker can send an HTTP request to trigger this vulnerability.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.01
EPSS Ranking 76.3%
CVSS Severity
CVSS v3 Score 8.8
Products affected by CVE-2023-22653
- cpe:2.3:h:milesight:ur32l:-
- cpe:2.3:o:milesight:ur32l_firmware:32.3.0.5