Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
NA

CVE-2023-43261

Published: 04/10/2023 Updated: 05/02/2024
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 0
Subscribe to Milesight

Vulnerability Summary

An information disclosure in Milesight UR5X, UR32L, UR32, UR35, UR41 before v35.3.0.7 allows malicious users to access sensitive router components.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

milesight ur5x_firmware

milesight ur32l_firmware

milesight ur32_firmware

milesight ur35_firmware

milesight ur41_firmware

Exploits

Exploit DB: Milesight UR5X / UR32L / UR32 / UR35 / UR41 Credential Leakage
Milesight IoT router versions UR5X, UR32L, UR32, UR35, and UR41 suffer from a credential leaking vulnerability due to unprotected system logs and weak password encryption ...

Github Repositories

https://github.com/win3zz/CVE-2023-43261

CVE-2023-43261 - Credential Leakage Through Unprotected System Logs and Weak Password Encryption

CVE-2023-43261 - PoC Critical Vulnerability Exposes Sensitive Information and Enables Unauthorized Access in Milesight Routers Date: 1 October 2023 Vendor of the product: Milesight (Formerly Xiamen Ursalink Technology Co, Ltd) Affected Products: UR5X, UR32L, UR32, UR35, UR41 and there might be other Industrial Cellular Routers that could also be vulnerable Affected Firmware

References

CWE-532http://ur5x.comhttps://support.milesight-iot.com/support/homehttps://github.com/win3zz/CVE-2023-43261http://milesight.comhttps://medium.com/%40win3zz/inside-the-router-how-i-accessed-industrial-routers-and-reported-the-flaws-29c34213dfdfhttp://packetstormsecurity.com/files/176988/Milesight-UR5X-UR32L-UR32-UR35-UR41-Credential-Leakage.htmlhttps://nvd.nist.govhttps://github.com/win3zz/CVE-2023-43261https://packetstormsecurity.com/files/176988/Milesight-UR5X-UR32L-UR32-UR35-UR41-Credential-Leakage.html
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-34377CVE-2024-20859CVE-2023-49606injectarbitrary CVE-2024-33788CVE-2024-30973IDORCVE-2024-33907
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook