The Milesight UR32L is a 4G industrial router from China’s Milesight. A command execution vulnerability exists in the Milesight UR32L urvpn_client cmd_name_action function, which can be exploited by an attacker to execute arbitrary commands on the system.