A firmware update vulnerability exists in the luci2-io file-import functionality of Milesight UR32L v32.3.0.7-r2. A specially crafted network request can lead to arbitrary firmware update. An attacker can send a network request to trigger this vulnerability.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HMilesight Ur32l
HWMilesightwszystkie wersjeMilesight Ur32l Firmware
OSMilesight32.3.0.7-r2
Related vulnerabilities
A buffer overflow vulnerability exists in the uhttpd login functionality of Milesight UR32L v32.3.0.5. A speci...
An information disclosure in Milesight UR5X, UR32L, UR32, UR35, UR41 before v35.3.0.7 allows attackers to acce...
An OS command injection vulnerability exists in the ys_thirdparty check_system_user functionality of Milesight...
An os command injection vulnerability exists in the libzebra.so change_hostname functionality of Milesight UR3...
An OS command injection vulnerability exists in the vtysh_ubus tcpdump_start_cb functionality of Milesight UR3...