Two OS command injection vulnerability exist in the...
High severity
Unreviewed
Published
Jul 6, 2023
to the GitHub Advisory Database
•
Updated Apr 4, 2024
Description
Published by the National Vulnerability Database
Jul 6, 2023
Published to the GitHub Advisory Database
Jul 6, 2023
Last updated
Apr 4, 2024
Two OS command injection vulnerability exist in the vtysh_ubus toolsh_excute.constprop.1 functionality of Milesight UR32L v32.3.0.5. A specially-crafted network request can lead to command execution. An attacker can send a network request to trigger these vulnerabilities.This command injection is in the ping tool utility.
References