‼ CVE-2022-48520 ‼
📖 Read
via "National Vulnerability Database".
Unauthorized access vulnerability in the SystemUI module. Successful exploitation of this vulnerability may affect confidentiality.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-48517 ‼
📖 Read
via "National Vulnerability Database".
Unauthorized service access vulnerability in the DSoftBus module. Successful exploitation of this vulnerability will affect availability.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-3456 ‼
📖 Read
via "National Vulnerability Database".
Vulnerability of kernel raw address leakage in the hang detector module. Successful exploitation of this vulnerability may affect service confidentiality.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-48509 ‼
📖 Read
via "National Vulnerability Database".
Race condition vulnerability due to multi-thread access to mutually exclusive resources in Huawei Share. Successful exploitation of this vulnerability may cause the program to exit abnormally.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-48516 ‼
📖 Read
via "National Vulnerability Database".
Vulnerability that a unique value can be obtained by a third-party app in the DSoftBus module. Successful exploitation of this vulnerability will affect confidentiality.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-48519 ‼
📖 Read
via "National Vulnerability Database".
Unauthorized access vulnerability in the SystemUI module. Successful exploitation of this vulnerability may affect confidentiality.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-37239 ‼
📖 Read
via "National Vulnerability Database".
Format string vulnerability in the distributed file system. Attackers who bypass the selinux permission can exploit this vulnerability to crash the program.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-1695 ‼
📖 Read
via "National Vulnerability Database".
Vulnerability of failures to capture exceptions in the communication framework. Successful exploitation of this vulnerability may cause features to perform abnormally.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-25090 ‼
📖 Read
via "National Vulnerability Database".
Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the handle_interface_acl function with the interface and in_acl variables.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-25089 ‼
📖 Read
via "National Vulnerability Database".
Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the handle_interface_acl function with the interface variable when in_acl is -1.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-25091 ‼
📖 Read
via "National Vulnerability Database".
Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the handle_interface_acl function with the interface variable when out_acl is -1.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-25086 ‼
📖 Read
via "National Vulnerability Database".
Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the firewall_handler_set function with the index and dport variables.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-25094 ‼
📖 Read
via "National Vulnerability Database".
Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the into_class_node function with either the class_name or old_class_name variable.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-23571 ‼
📖 Read
via "National Vulnerability Database".
An access violation vulnerability exists in the eventcore functionality of Milesight UR32L v32.3.0.5. A specially crafted network request can lead to denial of service. An attacker can send a network request to trigger this vulnerability.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-23902 ‼
📖 Read
via "National Vulnerability Database".
A buffer overflow vulnerability exists in the uhttpd login functionality of Milesight UR32L v32.3.0.5. A specially crafted network request can lead to remote code execution. An attacker can send a network request to trigger this vulnerability.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-25084 ‼
📖 Read
via "National Vulnerability Database".
Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the firewall_handler_set function with the ip, mac and description variables.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-25093 ‼
📖 Read
via "National Vulnerability Database".
Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_qos function with the class_name variable..📖 Read
via "National Vulnerability Database".
‼ CVE-2023-24595 ‼
📖 Read
via "National Vulnerability Database".
An OS command injection vulnerability exists in the ys_thirdparty system_user_script functionality of Milesight UR32L v32.3.0.5. A specially crafted series of network requests can lead to command execution. An attacker can send a sequence of requests to trigger this vulnerability.📖 Read
via "National Vulnerability Database".
❤1
‼ CVE-2023-37125 ‼
📖 Read
via "National Vulnerability Database".
A stored cross-site scripting (XSS) vulnerability in the Management Custom label module of SEACMS v12.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-25121 ‼
📖 Read
via "National Vulnerability Database".
Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_ike_profile function with the secrets_local variable.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-25081 ‼
📖 Read
via "National Vulnerability Database".
Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the firewall_handler_set function with the src and dmz variables.📖 Read
via "National Vulnerability Database".