CVE-2023-43261

An information disclosure in Milesight UR5X, UR32L, UR32, UR35, UR41 before v35.3.0.7 allows attackers to access sensitive router components.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:milesight:ur5x_firmware:*:*:*:*:*:*:*:*
OR cpe:2.3:h:milesight:ur51:-:*:*:*:*:*:*:*
cpe:2.3:h:milesight:ur52:-:*:*:*:*:*:*:*
cpe:2.3:h:milesight:ur55:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:milesight:ur32l_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:milesight:ur32l:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:milesight:ur32_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:milesight:ur32:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:milesight:ur35_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:milesight:ur35:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:milesight:ur41_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:milesight:ur41:-:*:*:*:*:*:*:*

History

05 Feb 2024, 17:15

Type Values Removed Values Added
References
  • () http://packetstormsecurity.com/files/176988/Milesight-UR5X-UR32L-UR32-UR35-UR41-Credential-Leakage.html -

07 Nov 2023, 04:21

Type Values Removed Values Added
References
  • {'url': 'https://medium.com/@win3zz/inside-the-router-how-i-accessed-industrial-routers-and-reported-the-flaws-29c34213dfdf', 'name': 'https://medium.com/@win3zz/inside-the-router-how-i-accessed-industrial-routers-and-reported-the-flaws-29c34213dfdf', 'tags': ['Exploit'], 'refsource': 'MISC'}
  • () https://medium.com/%40win3zz/inside-the-router-how-i-accessed-industrial-routers-and-reported-the-flaws-29c34213dfdf -

11 Oct 2023, 17:39

Type Values Removed Values Added
CPE cpe:2.3:o:milesight:ur35_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:milesight:ur51:-:*:*:*:*:*:*:*
cpe:2.3:h:milesight:ur55:-:*:*:*:*:*:*:*
cpe:2.3:h:milesight:ur52:-:*:*:*:*:*:*:*
cpe:2.3:h:milesight:ur32:-:*:*:*:*:*:*:*
cpe:2.3:o:milesight:ur5x_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:milesight:ur32l:-:*:*:*:*:*:*:*
cpe:2.3:o:milesight:ur41_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:milesight:ur32_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:milesight:ur35:-:*:*:*:*:*:*:*
cpe:2.3:h:milesight:ur41:-:*:*:*:*:*:*:*
cpe:2.3:o:milesight:ur32l_firmware:*:*:*:*:*:*:*:*
First Time Milesight ur32l Firmware
Milesight ur51
Milesight ur41 Firmware
Milesight ur5x Firmware
Milesight ur41
Milesight ur32l
Milesight ur52
Milesight
Milesight ur55
Milesight ur35
Milesight ur32
Milesight ur32 Firmware
Milesight ur35 Firmware
References (MISC) http://milesight.com - (MISC) http://milesight.com - Product
References (MISC) https://medium.com/@win3zz/inside-the-router-how-i-accessed-industrial-routers-and-reported-the-flaws-29c34213dfdf - (MISC) https://medium.com/@win3zz/inside-the-router-how-i-accessed-industrial-routers-and-reported-the-flaws-29c34213dfdf - Exploit
References (MISC) http://ur5x.com - (MISC) http://ur5x.com - Broken Link, Not Applicable
References (MISC) https://github.com/win3zz/CVE-2023-43261 - (MISC) https://github.com/win3zz/CVE-2023-43261 - Exploit, Third Party Advisory
References (MISC) https://support.milesight-iot.com/support/home - (MISC) https://support.milesight-iot.com/support/home - Product
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 7.5
CWE CWE-532

04 Oct 2023, 12:56

Type Values Removed Values Added
New CVE

Information

Published : 2023-10-04 12:15

Updated : 2024-02-28 20:33


NVD link : CVE-2023-43261

Mitre link : CVE-2023-43261

CVE.ORG link : CVE-2023-43261


JSON object : View

Products Affected

milesight

  • ur32l
  • ur35_firmware
  • ur35
  • ur51
  • ur41_firmware
  • ur32
  • ur52
  • ur41
  • ur5x_firmware
  • ur32_firmware
  • ur55
  • ur32l_firmware
CWE
CWE-532

Insertion of Sensitive Information into Log File