exploitDog

CVE-2023-47166

Опубликовано: 01 мая 2024

Источник: nvd

CVSS3: 8.8

EPSS Низкий

Описание

A firmware update vulnerability exists in the luci2-io file-import functionality of Milesight UR32L v32.3.0.7-r2. A specially crafted network request can lead to arbitrary firmware update. An attacker can send a network request to trigger this vulnerability.

Ссылки

https://talosintelligence.com/vulnerability_reports/TALOS-2023-1852
Third Party Advisory
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1852
Third Party Advisory
https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1852

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:milesight:ur32l_firmware:32.3.0.7-r2:*:*:*:*:*:*:*

cpe:2.3:h:milesight:ur32l:-:*:*:*:*:*:*:*

EPSS

Процентиль: 39%

0.00173

Низкий

8.8 High

CVSS3

Дефекты

CWE-285

CWE-306

Связанные уязвимости

GHSA-963g-qffh-rx88

CVSS3: 8.8

github

почти 2 года назад

A firmware update vulnerability exists in the luci2-io file-import functionality of Milesight UR32L v32.3.0.7-r2. A specially crafted network request can lead to arbitrary firmware update. An attacker can send a network request to trigger this vulnerability.

EPSS

Процентиль: 39%

0.00173

Низкий

8.8 High

CVSS3

Дефекты

CWE-285

CWE-306