Dozens of RCE Vulnerabilities Impact Milesight Industrial Router

#Milesight #IndustrialRouter #RCEVulnerabilities #Cybersecurity

Cisco Talos researchers warn of critical vulnerabilities in the Milesight UR32L industrial router that could lead to remote code execution.

#CiscoTalos #UR32LRouter #SecurityVulnerabilities #RemoteCodeExecution

The most severe vulnerability is a pre-authentication, remote stack-based buffer overflow in the router's HTTP server login functionality that allows remote command execution.

#BufferOverflow #HTTPServer #RouterLogin #RemoteCommandExecution

An authentication bypass in the MilesightVPN software could facilitate arbitrary code execution on the device, exploiting the router's vulnerabilities.

#MilesightVPN #AuthenticationBypass #ArbitraryCodeExecution

The vulnerabilities were reported to the vendor in February 2023, but no software update has been released to address them.

#VendorResponse #SoftwareUpdate #UnpatchedVulnerabilities

https://www.securityweek.com/dozens-of-rce-vulnerabilities-impact-milesight-industrial-router/
