CVE-2023-47166 - OpenCVE

A firmware update vulnerability exists in the luci2-io file-import functionality of Milesight UR32L v32.3.0.7-r2. A specially crafted network request can lead to arbitrary firmware update. An attacker can send a network request to trigger this vulnerability.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact total

Vendors	Products
Milesight	Ur32l Ur32l Firmware

Configuration 1 [-]

AND

cpe:2.3:o:milesight:ur32l_firmware:32.3.0.7-r2:*:*:*:*:*:*:*

cpe:2.3:h:milesight:ur32l:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1852
https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1852

History

Tue, 04 Nov 2025 18:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Milesight ur32l Firmware
Weaknesses		CWE-306
CPEs		cpe:2.3:o:milesight:ur32l_firmware:32.3.0.7-r2:::::::*
Vendors & Products		Milesight ur32l Firmware
References		https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1852

Tue, 04 Nov 2025 18:15:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:2.3:h:milesight:ur32l:-:::::::*
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: talos

Published: 2024-05-01T15:31:02.072Z

Updated: 2025-11-04T17:12:52.905Z

Reserved: 2023-11-07T19:16:06.149Z

Link: CVE-2023-47166

Vulnrichment

Updated: 2025-11-04T17:12:52.905Z

NVD

Status : Modified

Published: 2024-05-01T16:15:06.807

Modified: 2025-11-04T18:15:42.433

Link: CVE-2023-47166

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2023-47166", "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "state": "PUBLISHED", "assignerShortName": "talos", "dateReserved": "2023-11-07T19:16:06.149Z", "datePublished": "2024-05-01T15:31:02.072Z", "dateUpdated": "2025-11-04T17:12:52.905Z"}, "containers": {"cna": {"affected": [{"vendor": "Milesight", "product": "UR32L", "versions": [{"version": "v32.3.0.7-r2", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "A firmware update vulnerability exists in the luci2-io file-import functionality of Milesight UR32L v32.3.0.7-r2. A specially crafted network request can lead to arbitrary firmware update. An attacker can send a network request to trigger this vulnerability."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-285: Improper Authorization", "type": "CWE", "cweId": "CWE-285"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH"}}], "providerMetadata": {"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "shortName": "talos", "dateUpdated": "2024-05-01T17:00:16.373Z"}, "references": [{"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1852", "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1852"}], "credits": [{"lang": "en", "value": "Discovered by Francesco Benvenuto of Cisco Talos."}]}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-47166", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-05-01T17:08:07.079892Z"}}}], "affected": [{"cpes": ["cpe:2.3:h:milesight:ur32l:-:*:*:*:*:*:*:*"], "vendor": "milesight", "product": "ur32l", "versions": [{"status": "affected", "version": "32.3.0.7-r2"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:26:33.388Z"}}, {"title": "CVE Program Container", "references": [{"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1852", "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1852", "tags": ["x_transferred"]}, {"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1852"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-11-04T17:12:52.905Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1852", "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1852", "tags": ["x_transferred"]}, {"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1852"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-11-04T17:12:52.905Z"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-47166", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-05-01T17:08:07.079892Z"}}}], "affected": [{"cpes": ["cpe:2.3:h:milesight:ur32l:-:*:*:*:*:*:*:*"], "vendor": "milesight", "product": "ur32l", "versions": [{"status": "affected", "version": "32.3.0.7-r2"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-01T17:09:32.027Z"}, "title": "CISA ADP Vulnrichment"}], "cna": {"credits": [{"lang": "en", "value": "Discovered by Francesco Benvenuto of Cisco Talos."}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "Milesight", "product": "UR32L", "versions": [{"status": "affected", "version": "v32.3.0.7-r2"}]}], "references": [{"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1852", "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1852"}], "descriptions": [{"lang": "en", "value": "A firmware update vulnerability exists in the luci2-io file-import functionality of Milesight UR32L v32.3.0.7-r2. A specially crafted network request can lead to arbitrary firmware update. An attacker can send a network request to trigger this vulnerability."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-285", "description": "CWE-285: Improper Authorization"}]}], "providerMetadata": {"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "shortName": "talos", "dateUpdated": "2024-05-01T17:00:16.373Z"}}}, "cveMetadata": {"cveId": "CVE-2023-47166", "state": "PUBLISHED", "dateUpdated": "2025-11-04T17:12:52.905Z", "dateReserved": "2023-11-07T19:16:06.149Z", "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "datePublished": "2024-05-01T15:31:02.072Z", "assignerShortName": "talos"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:milesight:ur32l_firmware:32.3.0.7-r2:*:*:*:*:*:*:*", "matchCriteriaId": "9BA0ADA6-58D8-4194-A8EE-5D8324211C79", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:milesight:ur32l:-:*:*:*:*:*:*:*", "matchCriteriaId": "224B5936-7A7A-48E7-B0F3-754B74E4BF2D", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A firmware update vulnerability exists in the luci2-io file-import functionality of Milesight UR32L v32.3.0.7-r2. A specially crafted network request can lead to arbitrary firmware update. An attacker can send a network request to trigger this vulnerability."}, {"lang": "es", "value": "Existe una vulnerabilidad de actualizaci\u00f3n de firmware en la funcionalidad de importaci\u00f3n de archivos luci2-io de Milesight UR32L v32.3.0.7-r2. Una solicitud de red especialmente manipulada puede provocar una actualizaci\u00f3n de firmware arbitraria. Un atacante puede enviar una solicitud de red para desencadenar esta vulnerabilidad."}], "id": "CVE-2023-47166", "lastModified": "2025-11-04T18:15:42.433", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "[email protected]", "type": "Secondary"}]}, "published": "2024-05-01T16:15:06.807", "references": [{"source": "[email protected]", "tags": ["Third Party Advisory"], "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1852"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1852"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1852"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-285"}], "source": "[email protected]", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-306"}], "source": "[email protected]", "type": "Secondary"}]}