Vulnerability — CVE-2023-25582

CVE-2023-25582

Reference to the description:: https://nvd.nist.gov/vuln/detail/CVE-2023-25582
Description:: Two OS command injection vulnerabilities exist in the zebra vlan_name functionality of Milesight UR32L v32.3.0.5. A specially crafted network request can lead to command execution. An attacker can send a network request to trigger these vulnerabilities.This command injection is in the code branch that manages an already existing vlan configuration.
Last updated date:: 07/12/2023

Type:: exploit
Confidence:: HIGH
Date of publishing:: 07/12/2023
Reference url to background: https://talosintelligence.com/vulnerability_reports/TALOS-2023-1723