Vulnerability Details CVE-2023-25582
Two OS command injection vulnerabilities exist in the zebra vlan_name functionality of Milesight UR32L v32.3.0.5. A specially crafted network request can lead to command execution. An attacker can send a network request to trigger these vulnerabilities.This command injection is in the code branch that manages an already existing vlan configuration.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 39.4%
CVSS Severity
CVSS v3 Score 7.2
References
Products affected by CVE-2023-25582
-
cpe:2.3:h:milesight:ur32l:-
-
cpe:2.3:o:milesight:ur32l_firmware:32.3.0.5