CVE-2023-25111

HIGH Year: 2023
CVSS v3 Score
7.2
High
Weakness Type
CWE-121
View all →

Vulnerability Description

Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_gre function with the key variable.

Related Vulnerabilities

CVE-2019-10193

HIGH
CVSS:7.2(High)

A stack-buffer overflow vulnerability was found in the Redis hyperloglog data structure versions 3.x before 3.2.13, 4.x before 4.0.14 and 5.x before 5.0.4. By corrupting a hyperloglog using the SETRAN...

CWE-1212019

CVE-2019-15695

HIGH
CVSS:7.2(High)

TigerVNC version prior to 1.10.1 is vulnerable to stack buffer overflow, which could be triggered from CMsgReader::readSetCursor. This vulnerability occurs due to insufficient sanitization of PixelFor...

CWE-1212019

CVE-2020-1990

HIGH
CVSS:7.2(High)

A stack-based buffer overflow vulnerability in the management server component of PAN-OS allows an authenticated user to upload a corrupted PAN-OS configuration and potentially execute code with root ...

CWE-1212020

CVE-2020-2027

HIGH
CVSS:7.2(High)

A buffer overflow vulnerability in the authd component of the PAN-OS management server allows authenticated administrators to disrupt system processes and potentially execute arbitrary code with root ...

CWE-1212020

CVE-2020-2042

HIGH
CVSS:7.2(High)

A buffer overflow vulnerability in the PAN-OS management web interface allows authenticated administrators to disrupt system processes and potentially execute arbitrary code with root privileges. This...

CWE-1212020

CVE-2021-1159

HIGH
CVSS:7.2(High)

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code...

CWE-1212021