OTPulse

Milesight UG65-868M-EA

Monitor | 6.8 | ICS-CERT ICSA-25-126-02 | May 6, 2025
Attack Vector: Network
Auth Required: High
Complexity: Low
User Interaction: None needed
Summary

A command injection vulnerability in Milesight UG65-868M-EA firmware allows users with administrative privileges to inject and execute arbitrary shell commands. The vulnerability exists in an input field that does not properly sanitize command syntax before execution. Milesight has released firmware version 60.0.0.46 to address this issue.

What this means
What could happen
An administrator who is compromised or acting maliciously could inject arbitrary shell commands on the UG65 gateway, potentially altering data processing, forwarding false sensor readings, or disrupting connectivity to downstream control systems.
Who's at risk
Water utilities and municipalities using Milesight UG65-868M-EA LoRaWAN gateways for sensor data collection (e.g., water pressure, flow, or tank level monitoring). Any organization relying on this gateway for real-time operational data should review their admin access controls.
How it could be exploited
An attacker with valid admin credentials (or who has compromised an admin account) logs into the UG65 gateway's web interface or management API and injects shell commands through an input field that does not properly sanitize command syntax. The gateway executes these commands with system privileges.
Prerequisites
  • Valid administrative credentials for the UG65 gateway
  • Network access to the gateway's management interface (typically port 80/443 or SSH port 22)
  • Knowledge of command injection syntax relevant to the gateway's operating system
  • Requires high privilege (admin credentials)
  • Network-based attack vector
  • Low attack complexity
  • No patch available yet
Exploitability
Low exploit probability (EPSS 0.2%)
Affected products (1)
Product | Affected Versions | Fix Status
UG65-868M-EA: <Firmware_60.0.0.46 | <Firmware 60.0.0.46 | 60.0.0.46
Remediation & Mitigation
Do now
HARDENING: Restrict administrative access to the UG65 gateway to a minimal set of authorized personnel using role-based access control and strong authentication
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Update UG65-868M-EA firmware to version 60.0.0.46 or later
Long-term hardening
HARDENING: Place the UG65 gateway on a segmented network isolated from the Internet and from business networks; require VPN or jump-host access for remote administration
HARDENING: If remote access to the gateway is required, enforce access through a VPN with current security patches and multi-factor authentication
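
To track the firmware update across a fleet, the following added example (not part of the advisory or any Milesight tooling) audits an asset inventory for UG65-868M-EA gateways still below the fixed firmware 60.0.0.46. The CSV layout, the hostnames and the four-field dotted version format are assumptions; versions that cannot be parsed are flagged for manual review.

```python
import csv
import io
import re

# Values taken from the advisory text.
AFFECTED_MODEL = "UG65-868M-EA"
FIXED_VERSION = (60, 0, 0, 46)

# Constructed sample inventory; hostnames and the CSV layout are assumptions.
SAMPLE_INVENTORY = """hostname,model,firmware
gw-pump-01,UG65-868M-EA,60.0.0.45
gw-tank-02,UG65-868M-EA,Firmware_60.0.0.46
gw-flow-03,UG65-868M-EA,60.0.0.5
gw-well-04,UG65-868M-EA,unknown
gw-yard-05,OTHER-MODEL,1.2.3.4
"""

# Accepts "60.0.0.46" with an optional "Firmware_" / "Firmware " prefix.
VERSION_RE = re.compile(r"^(?:Firmware[_ ])?(\d+(?:\.\d+){3})$", re.IGNORECASE)

def parse_version(text):
    """Return the version as a tuple of ints, or None if it cannot be parsed."""
    match = VERSION_RE.match(text.strip())
    if not match:
        return None
    return tuple(int(part) for part in match.group(1).split("."))

def classify(firmware):
    """Classify one firmware string against the fixed release."""
    version = parse_version(firmware)
    if version is None:
        return "review"  # unparseable: verify on the device itself
    # Tuple comparison is numeric per field, so 60.0.0.5 ranks below 60.0.0.46
    # (a plain string comparison would rank it above).
    return "patched" if version >= FIXED_VERSION else "update"

def audit(inventory_csv):
    """Map hostname -> status for every gateway of the affected model."""
    rows = csv.DictReader(io.StringIO(inventory_csv))
    return {
        row["hostname"]: classify(row["firmware"])
        for row in rows
        if row["model"].strip() == AFFECTED_MODEL
    }

if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```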