Milesight: Security Vulnerabilities
An admin user can gain unauthorized write access to the /etc/rc.local file on the device, which is executed on a system boot.
CVSS Score
6.8
EPSS Score
0.0
Published
2025-05-07
MileSight DeviceHub - CWE-20 Improper Input Validation may allow Denial of Service
CVSS Score
7.5
EPSS Score
0.001
Published
2024-06-02
MileSight DeviceHub - CWE-320: Key Management Errors may allow Authentication Bypass and Man-In-The-Middle Traffic
CVSS Score
9.1
EPSS Score
0.0
Published
2024-06-02
MileSight DeviceHub - CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSS Score
6.1
EPSS Score
0.001
Published
2024-06-02
MileSight DeviceHub -
CWE-305 Missing Authentication for Critical Function
CVSS Score
10.0
EPSS Score
0.001
Published
2024-06-02
MileSight DeviceHub -
CWE-330 Use of Insufficiently Random Values may allow Authentication Bypass
CVSS Score
9.8
EPSS Score
0.0
Published
2024-06-02
MileSight DeviceHub -
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') may allow Unauthenticated RCE
CVSS Score
9.8
EPSS Score
0.003
Published
2024-06-02
A firmware update vulnerability exists in the luci2-io file-import functionality of Milesight UR32L v32.3.0.7-r2. A specially crafted network request can lead to arbitrary firmware update. An attacker can send a network request to trigger this vulnerability.
CVSS Score
8.8
EPSS Score
0.001
Published
2024-05-01
Milesight UR5X, UR32L, UR32, UR35, UR41 before v35.3.0.7 was discovered to contain a cross-site scripting (XSS) vulnerability via the admin panel.
CVSS Score
6.1
EPSS Score
0.001
Published
2023-10-05
An information disclosure in Milesight UR5X, UR32L, UR32, UR35, UR41 before v35.3.0.7 allows attackers to access sensitive router components.
CVSS Score
7.5
EPSS Score
0.931
Published
2023-10-04
Page 1