CVE-2023-24018

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2023-24018
A stack-based buffer overflow vulnerability exists in the libzebra.so.0.0.0 security_decrypt_password functionality of Milesight UR32L v32.3.0.5. A specially crafted HTTP request can lead to a buffer overflow. An authenticated attacker can send an HTTP request to trigger this vulnerability.

8.8 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1715 Exploit Third Party Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:milesight:ur32l_firmware:32.3.0.5:*:*:*:*:*:*:*
cpe:2.3:h:milesight:ur32l:-:*:*:*:*:*:*:*
History

30 Oct 2023, 19:44

Type Values Removed Values Added
First Time Milesight ur32l Firmware
Milesight ur32l
CPE cpe:2.3:o:milesight:ur-32l_firmware:32.3.0.5:*:*:*:*:*:*:*
cpe:2.3:h:milesight:ur-32l:-:*:*:*:*:*:*:*		 cpe:2.3:o:milesight:ur32l_firmware:32.3.0.5:*:*:*:*:*:*:*
cpe:2.3:h:milesight:ur32l:-:*:*:*:*:*:*:*

02 Aug 2023, 15:34

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 9.8 		v2 : unknown
v3 : 8.8
CWE CWE-121 CWE-787

17 Jul 2023, 20:15

Type Values Removed Values Added
Summary A stack-based buffer overflow vulnerability exists in the libzebra.so.0.0.0 security_decrypt_password functionality of Milesight UR32L v32.3.0.5. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send an HTTP request to trigger this vulnerability. A stack-based buffer overflow vulnerability exists in the libzebra.so.0.0.0 security_decrypt_password functionality of Milesight UR32L v32.3.0.5. A specially crafted HTTP request can lead to a buffer overflow. An authenticated attacker can send an HTTP request to trigger this vulnerability.

13 Jul 2023, 18:24

Type Values Removed Values Added
References (MISC) https://talosintelligence.com/vulnerability_reports/TALOS-2023-1715 - (MISC) https://talosintelligence.com/vulnerability_reports/TALOS-2023-1715 - Exploit, Third Party Advisory
CPE cpe:2.3:o:milesight:ur-32l_firmware:32.3.0.5:*:*:*:*:*:*:*
cpe:2.3:h:milesight:ur-32l:-:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 9.8
First Time Milesight ur-32l Firmware
Milesight ur-32l
Milesight

06 Jul 2023, 18:15

Type Values Removed Values Added
References
  • {'url': 'https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1715', 'name': 'https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1715', 'tags': [], 'refsource': 'MISC'}

06 Jul 2023, 17:15

Type Values Removed Values Added
References
  • (MISC) https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1715 -

06 Jul 2023, 15:16

Type Values Removed Values Added
New CVE
Information

Published : 2023-07-06 15:15

Updated : 2024-02-28 20:13

NVD link : CVE-2023-24018

Mitre link : CVE-2023-24018

CVE.ORG link : CVE-2023-24018

JSON object : View

Products Affected

milesight

  • ur32l_firmware
  • ur32l
CWE
CWE-787

Out-of-bounds Write

CWE-121

Stack-based Buffer Overflow