Vulnerability Details CVE-2023-43261
An information disclosure in Milesight UR5X, UR32L, UR32, UR35, UR41 before v35.3.0.7 allows attackers to access sensitive router components.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.931
EPSS Ranking 99.8%
CVSS Severity
CVSS v3 Score 7.5
References
- http://milesight.com
- http://packetstormsecurity.com/files/176988/Milesight-UR5X-UR32L-UR32-UR35-UR41-Credential-Leakage.html
- http://ur5x.com
- https://github.com/win3zz/CVE-2023-43261
- https://medium.com/%40win3zz/inside-the-router-how-i-accessed-industrial-routers-and-reported-the-flaws-29c34213dfdf
- https://support.milesight-iot.com/support/home
- http://milesight.com
- http://packetstormsecurity.com/files/176988/Milesight-UR5X-UR32L-UR32-UR35-UR41-Credential-Leakage.html
- http://ur5x.com
- https://github.com/win3zz/CVE-2023-43261
- https://medium.com/%40win3zz/inside-the-router-how-i-accessed-industrial-routers-and-reported-the-flaws-29c34213dfdf
- https://support.milesight-iot.com/support/home
Products affected by CVE-2023-43261
-
cpe:2.3:h:milesight:ur32:-
-
cpe:2.3:h:milesight:ur32l:-
-
cpe:2.3:h:milesight:ur35:-
-
cpe:2.3:h:milesight:ur41:-
-
cpe:2.3:h:milesight:ur51:-
-
cpe:2.3:h:milesight:ur52:-
-
cpe:2.3:h:milesight:ur55:-
-
cpe:2.3:o:milesight:ur32_firmware:-
-
cpe:2.3:o:milesight:ur32l_firmware:-
-
cpe:2.3:o:milesight:ur32l_firmware:32.3.0.5
-
cpe:2.3:o:milesight:ur32l_firmware:32.3.0.7-r2
-
cpe:2.3:o:milesight:ur35_firmware:-
-
cpe:2.3:o:milesight:ur41_firmware:-
-
cpe:2.3:o:milesight:ur5x_firmware:*