The Milesight UR32L is a 4G industrial router from China’s Milesight. A command injection vulnerability exists in the Milesight UR32L ys_thirdparty system_user_script function, which can be exploited by an attacker to execute arbitrary commands on the system.