CVE-2023-25110 – This vulnerability allows authenticated attacke... (How to Fix)

Q: What is the severity of CVE-2023-25110?

CVE-2023-25110 has a CVSS score of 7.2 (HIGH). This vulnerability allows authenticated attackers with high privileges to execute arbitrary code on Milesight UR32L routers by sending specially crafted HTTP requests. The buffer overflow occurs in the vtysh_ubus binary's set_gre function due to unsafe sprintf usage. Only UR32L routers running vulnerable firmware versions are affected.

📋 TL;DR

This vulnerability allows authenticated attackers with high privileges to execute arbitrary code on Milesight UR32L routers by sending specially crafted HTTP requests. The buffer overflow occurs in the vtysh_ubus binary's set_gre function due to unsafe sprintf usage. Only UR32L routers running vulnerable firmware versions are affected.

💻 Affected Systems

Products:

Milesight UR32L

Versions: v32.3.0.5 and possibly earlier versions

Operating Systems: Embedded Linux

Default Config Vulnerable: ⚠️ Yes

Notes: Requires attacker to have high-privilege credentials to access the vulnerable HTTP interface.

📦 What is this software?

Ur32l Firmware by Milesight

View all CVEs affecting Ur32l Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise allowing attacker to install persistent backdoors, pivot to internal networks, or disrupt network operations.

🟠

Likely Case

Privilege escalation leading to unauthorized configuration changes, network traffic interception, or denial of service.

🟢

If Mitigated

Limited impact if proper network segmentation and privilege controls prevent high-privilege access to vulnerable interfaces.

🌐 Internet-Facing: MEDIUM - Requires authenticated high-privilege access, but HTTP interfaces may be exposed.

🏢 Internal Only: HIGH - Internal attackers with administrative credentials can exploit this for full system control.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Exploitation requires high-privilege credentials and knowledge of the vulnerable HTTP endpoint.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Unknown

Restart Required: Yes

Instructions:

1. Check Milesight security advisories for patch availability. 2. Download latest firmware from vendor portal. 3. Upload firmware via web interface. 4. Apply and reboot device.

🔧 Temporary Workarounds

Restrict HTTP Interface Access

linux

Limit access to the router's HTTP management interface to trusted networks only.

iptables -A INPUT -p tcp --dport 80 -s TRUSTED_NETWORK -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j DROP

Disable Unused Features

all

Disable GRE tunneling features if not required for network operations.

🧯 If You Can't Patch

Implement strict network segmentation to isolate UR32L routers from untrusted networks
Enforce principle of least privilege for administrative accounts and monitor for suspicious HTTP requests

🔍 How to Verify

Check if Vulnerable:

Check firmware version via web interface or CLI. If version is v32.3.0.5 or earlier, device is likely vulnerable.

Check Version:

cat /etc/version or check web interface System Information page

Verify Fix Applied:

Verify firmware version has been updated to a version later than v32.3.0.5.

📡 Detection & Monitoring

Log Indicators:

Unusual HTTP POST requests to vtysh_ubus endpoints
Multiple failed authentication attempts followed by successful login

Network Indicators:

HTTP traffic to router management interface containing GRE configuration parameters
Unusual outbound connections from router after HTTP requests

SIEM Query:

source="router_logs" AND (uri="*vtysh_ubus*" OR method="POST") AND (user="admin" OR user="root")

📊 Metadata

CVE ID: CVE-2023-25110

CVSS v3 Score: 7.2 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-121

Published: July 6, 2023

Last Updated: November 4, 2025

🔗 References

https://talosintelligence.com/vulnerability_reports/TALOS-2023-1716 Exploit,Third Party Advisory
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1716 Exploit,Third Party Advisory
https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1716

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2023-25110, you might also want to check these: