CVE-2023-43260
https://notcve.org/view.php?id=CVE-2023-43260
Milesight UR5X, UR32L, UR32, UR35, UR41 before v35.3.0.7 was discovered to contain a cross-site scripting (XSS) vulnerability via the admin panel. Se descubrió que Milesight UR5X, UR32L, UR32, UR35, UR41 anteriores a v35.3.0.7 contenían una vulnerabilidad de Cross-Site Scripting (XSS) a través del panel de administración. • https://gist.github.com/win3zz/c7eda501edcf5383df32fabe00938d13 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2023-43261 – Milesight UR5X / UR32L / UR32 / UR35 / UR41 Credential Leakage
https://notcve.org/view.php?id=CVE-2023-43261
An information disclosure in Milesight UR5X, UR32L, UR32, UR35, UR41 before v35.3.0.7 allows attackers to access sensitive router components. Una divulgación de información en Milesight UR5X, UR32L, UR32, UR35, UR41 anterior a v35.3.0.7 permite a los atacantes acceder a componentes confidenciales del router. Milesight IoT router versions UR5X, UR32L, UR32, UR35, and UR41 suffer from a credential leaking vulnerability due to unprotected system logs and weak password encryption. • https://github.com/win3zz/CVE-2023-43261 http://milesight.com http://packetstormsecurity.com/files/176988/Milesight-UR5X-UR32L-UR32-UR35-UR41-Credential-Leakage.html http://ur5x.com https://medium.com/%40win3zz/inside-the-router-how-i-accessed-industrial-routers-and-reported-the-flaws-29c34213dfdf https://support.milesight-iot.com/support/home • CWE-532: Insertion of Sensitive Information into Log File •