CVE-2023-24582

8.8 HIGH

📋 TL;DR

Two OS command injection vulnerabilities in Milesight UR32L routers allow remote attackers to execute arbitrary commands via specially crafted TCP packets. This affects UR32L routers running vulnerable firmware, potentially giving attackers full control over affected devices.

💻 Affected Systems

Products:
  • Milesight UR32L
Versions: v32.3.0.5 and likely earlier versions
Operating Systems: Embedded Linux
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the cmd_name_action functionality of the urvpn_client component. All devices running vulnerable firmware that are exposed to the network are at risk.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete device compromise allowing attacker to install persistent backdoors, pivot to internal networks, intercept traffic, or use device as botnet node.

🟠 Likely Case

Remote code execution leading to device takeover, credential theft, network reconnaissance, and lateral movement within the network.

🟢 If Mitigated

Limited impact if devices are behind firewalls with strict network segmentation and access controls.

🌐 Internet-Facing: HIGH - Directly exploitable via network requests without authentication.
🏢 Internal Only: HIGH - Exploitable from any network segment with access to device management interface.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Vulnerability details are public, but no public exploit code is known. Because exploitation is a single unauthenticated TCP exchange, weaponization is straightforward.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Milesight security advisory for latest patched version

Vendor Advisory: https://www.milesight.com/security/

Restart Required: Yes

Instructions:

1. Check the current firmware version.
2. Download the latest firmware from the Milesight support portal.
3. Upload the firmware via the web interface.
4. Reboot the device after the update.

🔧 Temporary Workarounds

Network Segmentation (platform: all)

Isolate UR32L devices from untrusted networks using firewall rules.

Access Control Lists (platform: linux)

Restrict TCP access to device management interfaces to trusted IPs only. Run on the router itself or on the Linux firewall in front of it; replace the placeholders with the real management port and trusted source address.

# -A appends, so make sure no earlier INPUT rule already accepts this traffic
iptables -A INPUT -p tcp --dport [UR32L_PORT] -s [TRUSTED_IP] -j ACCEPT
# everything else reaching the management port is dropped
iptables -A INPUT -p tcp --dport [UR32L_PORT] -j DROP

🧯 If You Can't Patch

  • Segment UR32L devices in isolated VLAN with strict firewall rules
  • Implement network monitoring for suspicious traffic to UR32L management ports

🔍 How to Verify

Check if Vulnerable:

Check firmware version via web interface at System > Maintenance > Firmware

Check Version:

Login to web interface and navigate to System > Maintenance > Firmware section

Verify Fix Applied:

Confirm firmware version is updated beyond v32.3.0.5 and test with vulnerability scanner

📡 Detection & Monitoring

Log Indicators:

  • Unusual command execution in system logs
  • Failed authentication attempts followed by command execution

Network Indicators:

  • TCP packets to UR32L management ports containing shell metacharacters
  • Unexpected outbound connections from UR32L devices

SIEM Query:

source="ur32l" AND (cmd_name_action OR "urvpn_client") AND (exec OR system OR "$" OR "|")
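The two network indicators above, turned into a small detector as an added example (not part of the original page). It scans constructed connection-log lines for inbound payloads to the management port that contain shell metacharacters and for outbound connections from the router to hosts outside an allow list; the port number, router address, allow list and log format are all assumptions.

```python
import re
from typing import Iterable, List, Optional, Tuple

UR32L_PORT = 8443                                  # assumption: real management port
UR32L_IP = "10.0.5.1"                              # assumption: the router's address
ALLOWED_OUTBOUND = {"10.0.5.10", "203.0.113.20"}   # assumption: update/VPN peers

# Characters a command-injection payload needs to chain or substitute a command.
SHELL_META = re.compile(r"[;|&`$\n]")

# Constructed log format: "<src_ip>:<src_port> -> <dst_ip>:<dst_port> <payload>"
LINE = re.compile(r"^(\S+):(\d+) -> (\S+):(\d+) (.*)$")


def classify(line: str) -> Optional[str]:
    """Return an indicator tag for a log line, or None if it looks benign."""
    m = LINE.match(line)
    if not m:
        return None
    src, _sport, dst, dport, payload = m.groups()
    # Indicator 1: shell metacharacters in traffic to the UR32L management port.
    if dst == UR32L_IP and int(dport) == UR32L_PORT and SHELL_META.search(payload):
        return "inbound-metachar"
    # Indicator 2: the router talking to a destination it has no business with.
    if src == UR32L_IP and dst not in ALLOWED_OUTBOUND:
        return "unexpected-outbound"
    return None


def scan(lines: Iterable[str]) -> List[Tuple[str, str]]:
    """Return (tag, line) pairs for every line that matches an indicator."""
    return [(tag, line) for line in lines if (tag := classify(line))]


# Constructed sample log: one benign request, one with a metacharacter,
# one allowed outbound connection, one unexpected outbound connection.
SAMPLE_LOG = """\
192.0.2.7:51000 -> 10.0.5.1:8443 name=office
192.0.2.7:51001 -> 10.0.5.1:8443 name=office;ls
10.0.5.1:40000 -> 203.0.113.20:443 tls
10.0.5.1:40001 -> 198.51.100.99:4444 connect
192.0.2.7:51002 -> 10.0.5.1:80 GET /
"""

if __name__ == "__main__":
    for tag, line in scan(SAMPLE_LOG.splitlines()):
        print(tag, line)
```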
