CVE-2023-43261

An information disclosure in Milesight UR5X, UR32L, UR32, UR35, UR41 before v35.3.0.7 allows attackers to access sensitive router components.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:milesight:ur5x_firmware:*:*:*:*:*:*:*:*
OR cpe:2.3:h:milesight:ur51:-:*:*:*:*:*:*:*
cpe:2.3:h:milesight:ur52:-:*:*:*:*:*:*:*
cpe:2.3:h:milesight:ur55:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:milesight:ur32l_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:milesight:ur32l:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:milesight:ur32_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:milesight:ur32:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:milesight:ur35_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:milesight:ur35:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:milesight:ur41_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:milesight:ur41:-:*:*:*:*:*:*:*

History

21 Nov 2024, 08:23

Type Values Removed Values Added
References () http://milesight.com - Product () http://milesight.com - Product
References () http://packetstormsecurity.com/files/176988/Milesight-UR5X-UR32L-UR32-UR35-UR41-Credential-Leakage.html - () http://packetstormsecurity.com/files/176988/Milesight-UR5X-UR32L-UR32-UR35-UR41-Credential-Leakage.html -
References () http://ur5x.com - Broken Link, Not Applicable () http://ur5x.com - Broken Link, Not Applicable
References () https://github.com/win3zz/CVE-2023-43261 - Exploit, Third Party Advisory () https://github.com/win3zz/CVE-2023-43261 - Exploit, Third Party Advisory
References () https://medium.com/%40win3zz/inside-the-router-how-i-accessed-industrial-routers-and-reported-the-flaws-29c34213dfdf - () https://medium.com/%40win3zz/inside-the-router-how-i-accessed-industrial-routers-and-reported-the-flaws-29c34213dfdf -
References () https://support.milesight-iot.com/support/home - Product () https://support.milesight-iot.com/support/home - Product

05 Feb 2024, 17:15

Type Values Removed Values Added
References
  • () http://packetstormsecurity.com/files/176988/Milesight-UR5X-UR32L-UR32-UR35-UR41-Credential-Leakage.html -

07 Nov 2023, 04:21

Type Values Removed Values Added
References
  • {'url': 'https://medium.com/@win3zz/inside-the-router-how-i-accessed-industrial-routers-and-reported-the-flaws-29c34213dfdf', 'name': 'https://medium.com/@win3zz/inside-the-router-how-i-accessed-industrial-routers-and-reported-the-flaws-29c34213dfdf', 'tags': ['Exploit'], 'refsource': 'MISC'}
  • () https://medium.com/%40win3zz/inside-the-router-how-i-accessed-industrial-routers-and-reported-the-flaws-29c34213dfdf -

11 Oct 2023, 17:39

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 7.5
First Time Milesight ur32l Firmware
Milesight ur51
Milesight ur41 Firmware
Milesight ur5x Firmware
Milesight ur41
Milesight ur32l
Milesight ur52
Milesight
Milesight ur55
Milesight ur35
Milesight ur32
Milesight ur32 Firmware
Milesight ur35 Firmware
CPE cpe:2.3:o:milesight:ur35_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:milesight:ur51:-:*:*:*:*:*:*:*
cpe:2.3:h:milesight:ur55:-:*:*:*:*:*:*:*
cpe:2.3:h:milesight:ur52:-:*:*:*:*:*:*:*
cpe:2.3:h:milesight:ur32:-:*:*:*:*:*:*:*
cpe:2.3:o:milesight:ur5x_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:milesight:ur32l:-:*:*:*:*:*:*:*
cpe:2.3:o:milesight:ur41_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:milesight:ur32_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:milesight:ur35:-:*:*:*:*:*:*:*
cpe:2.3:h:milesight:ur41:-:*:*:*:*:*:*:*
cpe:2.3:o:milesight:ur32l_firmware:*:*:*:*:*:*:*:*
CWE CWE-532
References (MISC) http://milesight.com - (MISC) http://milesight.com - Product
References (MISC) https://medium.com/@win3zz/inside-the-router-how-i-accessed-industrial-routers-and-reported-the-flaws-29c34213dfdf - (MISC) https://medium.com/@win3zz/inside-the-router-how-i-accessed-industrial-routers-and-reported-the-flaws-29c34213dfdf - Exploit
References (MISC) http://ur5x.com - (MISC) http://ur5x.com - Broken Link, Not Applicable
References (MISC) https://github.com/win3zz/CVE-2023-43261 - (MISC) https://github.com/win3zz/CVE-2023-43261 - Exploit, Third Party Advisory
References (MISC) https://support.milesight-iot.com/support/home - (MISC) https://support.milesight-iot.com/support/home - Product

04 Oct 2023, 12:56

Type Values Removed Values Added
New CVE

Information

Published : 2023-10-04 12:15

Updated : 2024-11-21 08:23


NVD link : CVE-2023-43261

Mitre link : CVE-2023-43261

CVE.ORG link : CVE-2023-43261


JSON object : View

Products Affected

milesight

  • ur32l_firmware
  • ur51
  • ur35_firmware
  • ur32_firmware
  • ur55
  • ur35
  • ur52
  • ur32
  • ur32l
  • ur5x_firmware
  • ur41_firmware
  • ur41
CWE
CWE-532

Insertion of Sensitive Information into Log File