Vulnerabilidades em Milesight
93 resultadosCVE-2023-22653HIGHAn OS command injection vulnerability exists in the vtysh_ubus tcpdump_start_cb functionality of Milesight UR32L v32.3.0.5. A specially crafEPSS 6.8%CVE-2023-22659HIGHAn os command injection vulnerability exists in the libzebra.so change_hostname functionality of Milesight UR32L v32.3.0.5. A specially-crafEPSS 3.6%CVE-2023-24595HIGHAn OS command injection vulnerability exists in the ys_thirdparty system_user_script functionality of Milesight UR32L v32.3.0.5. A speciallyEPSS 3.6%CVE-2023-22299HIGHAn OS command injection vulnerability exists in the vtysh_ubus _get_fw_logs functionality of Milesight UR32L v32.3.0.5. A specially crafted EPSS 3.5%CVE-2023-23550HIGHAn OS command injection vulnerability exists in the ys_thirdparty user_delete functionality of Milesight UR32L v32.3.0.5. A specially crafteEPSS 3.5%CVE-2023-24519HIGHTwo OS command injection vulnerability exist in the vtysh_ubus toolsh_excute.constprop.1 functionality of Milesight UR32L v32.3.0.5. A speciEPSS 3.5%CVE-2023-24520HIGHTwo OS command injection vulnerability exist in the vtysh_ubus toolsh_excute.constprop.1 functionality of Milesight UR32L v32.3.0.5. A speciEPSS 3.5%CVE-2023-22306HIGHAn OS command injection vulnerability exists in the libzebra.so bridge_group functionality of Milesight UR32L v32.3.0.5. A specially craftedEPSS 3.4%CVE-2023-25582HIGHTwo OS command injection vulnerabilities exist in the zebra vlan_name functionality of Milesight UR32L v32.3.0.5. A specially crafted networEPSS 3.4%CVE-2023-25583HIGHTwo OS command injection vulnerabilities exist in the zebra vlan_name functionality of Milesight UR32L v32.3.0.5. A specially crafted networEPSS 3.4%CVE-2023-22371HIGHAn os command injection vulnerability exists in the liburvpn.so create_private_key functionality of Milesight VPN v2.0.2. A specially-crafteEPSS 3.3%CVE-2016-2356—Milesight IP security cameras through 2016-11-14 have a buffer overflow in a web application via a long username or password.EPSS 3.2%CVE-2016-2359—Milesight IP security cameras through 2016-11-14 allow remote attackers to bypass authentication and access a protected resource by simultanEPSS 3.1%CVE-2023-24582HIGHTwo OS command injection vulnerabilities exist in the urvpn_client cmd_name_action functionality of Milesight UR32L v32.3.0.5. A specially cEPSS 2.9%CVE-2023-24583HIGHTwo OS command injection vulnerabilities exist in the urvpn_client cmd_name_action functionality of Milesight UR32L v32.3.0.5. A specially cEPSS 2.9%CVE-2023-22365HIGHAn OS command injection vulnerability exists in the ys_thirdparty check_system_user functionality of Milesight UR32L v32.3.0.5. A specially EPSS 2.1%CVE-2016-2357—Milesight IP security cameras through 2016-11-14 have a hardcoded SSL private key under the /etc/config directory.EPSS 2.1%CVE-2016-2360—Milesight IP security cameras through 2016-11-14 have a default root password in /etc/shadow that is the same across different customers' inEPSS 2.1%CVE-2016-2358—Milesight IP security cameras through 2016-11-14 have a default set of 10 privileged accounts with hardcoded credentials. They are accessiblEPSS 2.1%CVE-2023-23902CRITICALA buffer overflow vulnerability exists in the uhttpd login functionality of Milesight UR32L v32.3.0.5. A specially crafted network request cEPSS 1.9%