The Milesight UR32L is a 4G industrial router from China-based Milesight. A command injection vulnerability exists in the Milesight UR32L vtysh_ubus tcpdump_start_cb function, which can be exploited by an attacker to execute arbitrary commands on the system.