CVE-2023-43261

Milesight UR5X / UR32L / UR32 / UR35 / UR41 Credential Leakage

  • Severity Score (CVSS v3.1): 7.5
  • Exploit Likelihood (EPSS):
  • Affected Versions (CPE):
  • Public Exploits (Multiple Sources): 1
  • Exploited in Wild (KEV): -
  • Decision (SSVC): -

Descriptions

An information disclosure in Milesight UR5X, UR32L, UR32, UR35, UR41 before v35.3.0.7 allows attackers to access sensitive router components.

Milesight IoT router versions UR5X, UR32L, UR32, UR35, and UR41 suffer from a credential leaking vulnerability due to unprotected system logs and weak password encryption.

*Credits: N/A

CVSS Scores
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality: High
  • Integrity: None
  • Availability: None
* Common Vulnerability Scoring System

SSVC
  • Decision: -
  • Exploitation: -
  • Automatable: -
  • Tech. Impact: -
* Organization's Worst-case Scenario

Timeline
  • 2023-09-18 CVE Reserved
  • 2023-10-04 CVE Published
  • 2024-08-02 CVE Updated
  • 2024-08-02 First Exploit
  • 2024-12-17 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-532: Insertion of Sensitive Information into Log File
CAPEC
Affected Vendors, Products, and Versions
Vendor        Product         Version     Other  Status
Milesight     Ur5x Firmware   < 35.3.0.7  -      Affected
in Milesight  Ur51            -           -      Safe
Milesight     Ur5x Firmware   < 35.3.0.7  -      Affected
in Milesight  Ur52            -           -      Safe
Milesight     Ur5x Firmware   < 35.3.0.7  -      Affected
in Milesight  Ur55            -           -      Safe
Milesight     Ur32l Firmware  < 35.3.0.7  -      Affected
in Milesight  Ur32l           -           -      Safe
Milesight     Ur32 Firmware   < 35.3.0.7  -      Affected
in Milesight  Ur32            -           -      Safe
Milesight     Ur35 Firmware   < 35.3.0.7  -      Affected
in Milesight  Ur35            -           -      Safe
Milesight     Ur41 Firmware   < 35.3.0.7  -      Affected
in Milesight  Ur41            -           -      Safe