CVE-2023-24519 – This CVE describes two OS command injection vul... (How to Fix)

Q: What is the severity of CVE-2023-24519?

CVE-2023-24519 has a CVSS score of 8.8 (HIGH). This CVE describes two OS command injection vulnerabilities in the Milesight UR32L router's vtysh_ubus toolsh_excute functionality. Attackers can execute arbitrary commands on affected devices by sending specially-crafted network requests to the ping utility. This affects Milesight UR32L router users running vulnerable firmware versions.

📋 TL;DR

This CVE describes two OS command injection vulnerabilities in the Milesight UR32L router's vtysh_ubus toolsh_excute functionality. Attackers can execute arbitrary commands on affected devices by sending specially-crafted network requests to the ping utility. This affects Milesight UR32L router users running vulnerable firmware versions.

💻 Affected Systems

Products:

Milesight UR32L

Versions: v32.3.0.5 and likely earlier versions

Operating Systems: Embedded Linux (router firmware)

Default Config Vulnerable: ⚠️ Yes

Notes: The vulnerability exists in the default vtysh_ubus component used for system utilities.

📦 What is this software?

Ur32l Firmware by Milesight

View all CVEs affecting Ur32l Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete device compromise allowing attackers to install persistent backdoors, pivot to internal networks, intercept traffic, or use the device for botnet activities.

🟠

Likely Case

Remote code execution leading to device takeover, credential theft, network reconnaissance, and potential lateral movement within the network.

🟢

If Mitigated

Limited impact if devices are behind firewalls with strict network segmentation and access controls.

🌐 Internet-Facing: HIGH - The vulnerability is remotely exploitable via network requests, making internet-facing devices immediate targets.

🏢 Internal Only: HIGH - Even internally, attackers who gain network access can exploit this vulnerability to compromise devices.

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

The Talos Intelligence report includes technical details that could be used to create exploits. The vulnerability is in a network-accessible utility function.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: No vendor advisory found at time of analysis

Restart Required: Yes

Instructions:

1. Check Milesight support for firmware updates. 2. If update available, download from official source. 3. Backup configuration. 4. Apply firmware update via web interface. 5. Verify update and restore configuration if needed.

🔧 Temporary Workarounds

Network Access Restriction

all

Restrict network access to the UR32L management interface using firewall rules

Disable Unnecessary Services

linux

Disable or restrict access to vtysh_ubus services if not required

🧯 If You Can't Patch

Segment UR32L devices on isolated network VLANs with strict firewall rules
Implement network monitoring for unusual ping utility usage or command injection patterns

🔍 How to Verify

Check if Vulnerable:

Check firmware version via web interface (System > Status) or CLI. If version is v32.3.0.5 or earlier, assume vulnerable.

Check Version:

ssh admin@router-ip 'cat /etc/version' or check web interface System > Status

Verify Fix Applied:

Verify firmware version has been updated beyond v32.3.0.5 and test ping functionality with controlled inputs.

📡 Detection & Monitoring

Log Indicators:

Unusual ping command patterns in system logs
Unexpected process execution from vtysh_ubus
Failed authentication attempts followed by ping utility usage

Network Indicators:

Unusual network traffic to UR32L management interface
Ping requests with abnormal parameters or payloads
Outbound connections from UR32L to unexpected destinations

SIEM Query:

source="ur32l_logs" AND (process="vtysh_ubus" OR command="ping") AND (payload CONTAINS ";" OR payload CONTAINS "|" OR payload CONTAINS "`")

📊 Metadata

CVE ID: CVE-2023-24519

CVSS v3 Score: 8.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-77

Published: July 6, 2023

Last Updated: November 4, 2025

🔗 References

https://talosintelligence.com/vulnerability_reports/TALOS-2023-1706 Exploit,Third Party Advisory
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1706 Exploit,Third Party Advisory
https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1706

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2023-24519, you might also want to check these: