
CVSS: 6.1 • EPSS: 0% • CPEs: 14 • EXPL: 1

Milesight UR5X, UR32L, UR32, UR35, UR41 before v35.3.0.7 was discovered to contain a cross-site scripting (XSS) vulnerability via the admin panel. • https://gist.github.com/win3zz/c7eda501edcf5383df32fabe00938d13 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 7.5 • EPSS: 2% • CPEs: 12 • EXPL: 1

An information disclosure in Milesight UR5X, UR32L, UR32, UR35, UR41 before v35.3.0.7 allows attackers to access sensitive router components. Milesight IoT router versions UR5X, UR32L, UR32, UR35, and UR41 suffer from a credential leaking vulnerability due to unprotected system logs and weak password encryption. • https://github.com/win3zz/CVE-2023-43261 http://milesight.com http://packetstormsecurity.com/files/176988/Milesight-UR5X-UR32L-UR32-UR35-UR41-Credential-Leakage.html http://ur5x.com https://medium.com/%40win3zz/inside-the-router-how-i-accessed-industrial-routers-and-reported-the-flaws-29c34213dfdf https://support.milesight-iot.com/support/home • CWE-532: Insertion of Sensitive Information into Log File

CVSS: 7.2 • EPSS: 0% • CPEs: 2 • EXPL: 1

An OS command injection vulnerability exists in the ys_thirdparty user_delete functionality of Milesight UR32L v32.3.0.5. A specially crafted network packet can lead to command execution. An attacker can send a sequence of requests to trigger this vulnerability. • https://talosintelligence.com/vulnerability_reports/TALOS-2023-1694 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVSS: 6.5 • EPSS: 0% • CPEs: 2 • EXPL: 1

A directory traversal vulnerability exists in the luci2-io file-export mib functionality of Milesight UR32L v32.3.0.5. A specially crafted network request can lead to arbitrary file read. An attacker can send a network request to trigger this vulnerability. • https://talosintelligence.com/vulnerability_reports/TALOS-2023-1695 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 7.5 • EPSS: 0% • CPEs: 2 • EXPL: 1

An access violation vulnerability exists in the eventcore functionality of Milesight UR32L v32.3.0.5. A specially crafted network request can lead to denial of service. An attacker can send a network request to trigger this vulnerability. • https://talosintelligence.com/vulnerability_reports/TALOS-2023-1696 • CWE-126: Buffer Over-read