Cisco’s Talos security researchers have discovered dozens of vulnerabilities in the Milesight UR32L industrial router that could be exploited to execute arbitrary code or commands. The most severe vulnerability, CVE-2023-23902, is a buffer overflow issue in the router’s HTTP server login functionality that could lead to remote code execution. Of the 69 Common Vulnerabilities and Exposures (CVEs) identified, 63 affect the industrial router. The vulnerabilities were reported to the vendor in February 2023, but no software updates have been released yet. The vulnerabilities were discovered as part of a broader research initiative focused on SOHO router bugs.
Read more: https://www.securityweek.com/dozens-of-rce-vulnerabilities-impact-milesight-industrial-router/