An information disclosure in Milesight UR5X, UR32L, UR32, UR35, UR41 before v35.3.0.7 allows attackers to access sensitive router components.
References
Link | Resource |
---|---|
http://milesight.com | Product |
http://packetstormsecurity.com/files/176988/Milesight-UR5X-UR32L-UR32-UR35-UR41-Credential-Leakage.html | |
http://ur5x.com | Broken Link Not Applicable |
https://github.com/win3zz/CVE-2023-43261 | Exploit Third Party Advisory |
https://medium.com/%40win3zz/inside-the-router-how-i-accessed-industrial-routers-and-reported-the-flaws-29c34213dfdf | |
https://support.milesight-iot.com/support/home | Product |
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
Configuration 4 (hide)
AND |
|
Configuration 5 (hide)
AND |
|
History
05 Feb 2024, 17:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
07 Nov 2023, 04:21
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
11 Oct 2023, 17:39
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:milesight:ur35_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:milesight:ur51:-:*:*:*:*:*:*:* cpe:2.3:h:milesight:ur55:-:*:*:*:*:*:*:* cpe:2.3:h:milesight:ur52:-:*:*:*:*:*:*:* cpe:2.3:h:milesight:ur32:-:*:*:*:*:*:*:* cpe:2.3:o:milesight:ur5x_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:milesight:ur32l:-:*:*:*:*:*:*:* cpe:2.3:o:milesight:ur41_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:milesight:ur32_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:milesight:ur35:-:*:*:*:*:*:*:* cpe:2.3:h:milesight:ur41:-:*:*:*:*:*:*:* cpe:2.3:o:milesight:ur32l_firmware:*:*:*:*:*:*:*:* |
|
First Time |
Milesight ur32l Firmware
Milesight ur51 Milesight ur41 Firmware Milesight ur5x Firmware Milesight ur41 Milesight ur32l Milesight ur52 Milesight Milesight ur55 Milesight ur35 Milesight ur32 Milesight ur32 Firmware Milesight ur35 Firmware |
|
References | (MISC) http://milesight.com - Product | |
References | (MISC) https://medium.com/@win3zz/inside-the-router-how-i-accessed-industrial-routers-and-reported-the-flaws-29c34213dfdf - Exploit | |
References | (MISC) http://ur5x.com - Broken Link, Not Applicable | |
References | (MISC) https://github.com/win3zz/CVE-2023-43261 - Exploit, Third Party Advisory | |
References | (MISC) https://support.milesight-iot.com/support/home - Product | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.5 |
CWE | CWE-532 |
04 Oct 2023, 12:56
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-10-04 12:15
Updated : 2024-02-28 20:33
NVD link : CVE-2023-43261
Mitre link : CVE-2023-43261
CVE.ORG link : CVE-2023-43261
JSON object : View
Products Affected
milesight
- ur32l
- ur35_firmware
- ur35
- ur51
- ur41_firmware
- ur32
- ur52
- ur41
- ur5x_firmware
- ur32_firmware
- ur55
- ur32l_firmware
CWE
CWE-532
Insertion of Sensitive Information into Log File