Critical Remote Code Execution Vulnerability Patched in Milesight IoT Devices

CVE: CVE-2023-23902
CVSS (v3.1): 9.8
Source: CVE-2023-23902

Milesight is an IoT company that provides devices for remote monitoring and management. A critical vulnerability was recently discovered in their UR32L IoT devices that could allow remote attackers to take complete control of affected systems.

The vulnerability exists in the web server (uhttpd) component of Milesight UR32L devices running version 32.3.0.5 and below. By sending a specially crafted request to the login page, an attacker could exploit a buffer overflow error and execute arbitrary code remotely. This would give the attacker full control over the device as if they were physically present.

Buffer overflows occur when a program or process tries to store more data in a buffer (a fixed-size region of memory set aside for temporary storage) than it was intended to hold, so the excess overwrites adjacent memory. By manipulating the input data, an attacker can insert their own executable code into the overflowed buffer and have the processor execute it. This allows the attacker to completely compromise the vulnerable system.
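The following C example is added here to illustrate the defensive side of the pattern described above; it is not Milesight's uhttpd code, and the actual login handler, field names and buffer sizes involved in CVE-2023-23902 are not on this page and are not reproduced. The form body format, the `username` field and the 32-byte `USER_MAX` buffer are constructed assumptions. The point it shows is the single check that separates a safe login-field parser from an overflowable one: compute the length of the incoming value first and refuse it when it would not fit, rather than copying into a fixed buffer with an unbounded `strcpy()`.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Size of the fixed buffer a login handler might use (constructed value). */
#define USER_MAX 32

enum parse_result { PARSE_OK = 0, PARSE_MISSING = 1, PARSE_TOO_LONG = 2 };

/* Extract the value of `key` from a form body such as
 * "username=alice&password=s3cret" into out[out_size].
 * Values that would not fit are rejected instead of being written past
 * the end of the buffer, which is the defect that enables a stack overflow. */
enum parse_result get_form_field(const char *body, const char *key,
                                 char *out, size_t out_size) {
    size_t klen = strlen(key);
    const char *p = body;

    while (p && *p) {
        /* Match only at the start of a key=value pair, and only the whole key. */
        if (strncmp(p, key, klen) == 0 && p[klen] == '=') {
            const char *v = p + klen + 1;
            const char *end = strchr(v, '&');
            size_t vlen = end ? (size_t)(end - v) : strlen(v);

            if (vlen >= out_size) {
                return PARSE_TOO_LONG;   /* leave room for the NUL; never overflow */
            }
            memcpy(out, v, vlen);
            out[vlen] = '\0';
            return PARSE_OK;
        }
        p = strchr(p, '&');
        if (p) {
            p++;                         /* advance to the next pair */
        }
    }
    return PARSE_MISSING;
}

/* Wrapper for a USER_MAX-byte caller-supplied buffer: the shape of handler
 * in which an unchecked strcpy() would be the bug. (Hypothetical helper.) */
enum parse_result handle_login_username(const char *body, char *user_out) {
    return get_form_field(body, "username", user_out, USER_MAX);
}

int main(void) {
    char user[USER_MAX];
    /* Constructed sample bodies: one well-formed, one oversized. */
    const char *ok_body = "username=alice&password=s3cret";
    const char *long_body =
        "username=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA&password=x";

    if (handle_login_username(ok_body, user) == PARSE_OK) {
        printf("accepted user '%s'\n", user);
    }
    if (handle_login_username(long_body, user) == PARSE_TOO_LONG) {
        printf("rejected oversized username (would overflow %d-byte buffer)\n",
               USER_MAX);
    }
    return 0;
}
```

The length check compares against `out_size` with `>=` so that the terminating NUL always fits; an off-by-one here (`>` instead of `>=`) is itself a one-byte overflow. In a real web server the same rule applies to every request field, header and URL component that is copied into fixed storage, and the rejected-request path is a natural place to emit a log line that detection tooling can alert on.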

Milesight has released an updated firmware version to address this issue. System administrators and IoT operators using affected Milesight devices are strongly advised to upgrade to the latest firmware version immediately. Network segmentation and access controls should also be reviewed to limit the exposure of these devices to potential attackers on the public internet.

By taking prompt action to patch vulnerable systems, users can protect themselves and their organizations from this serious remote exploit. Staying vigilant about security updates is crucial for any internet-connected devices, especially those in industrial and critical infrastructure environments.
