CVE-2023-43261
Milesight UR5X / UR32L / UR32 / UR35 / UR41 Credential Leakage
Severity Score
7.5
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
1
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
An information disclosure in Milesight UR5X, UR32L, UR32, UR35, UR41 before v35.3.0.7 allows attackers to access sensitive router components.
Una divulgación de información en Milesight UR5X, UR32L, UR32, UR35, UR41 anterior a v35.3.0.7 permite a los atacantes acceder a componentes confidenciales del router.
Milesight IoT router versions UR5X, UR32L, UR32, UR35, and UR41 suffer from a credential leaking vulnerability due to unprotected system logs and weak password encryption.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2023-09-18 CVE Reserved
- 2023-10-04 CVE Published
- 2024-08-02 CVE Updated
- 2024-08-02 First Exploit
- 2024-12-17 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-532: Insertion of Sensitive Information into Log File
CAPEC
References (6)
URL | Date | SRC |
---|---|---|
https://github.com/win3zz/CVE-2023-43261 | 2024-08-02 |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Milesight Search vendor "Milesight" | Ur5x Firmware Search vendor "Milesight" for product "Ur5x Firmware" | < 35.3.0.7 Search vendor "Milesight" for product "Ur5x Firmware" and version " < 35.3.0.7" | - |
Affected
| in | Milesight Search vendor "Milesight" | Ur51 Search vendor "Milesight" for product "Ur51" | - | - |
Safe
|
Milesight Search vendor "Milesight" | Ur5x Firmware Search vendor "Milesight" for product "Ur5x Firmware" | < 35.3.0.7 Search vendor "Milesight" for product "Ur5x Firmware" and version " < 35.3.0.7" | - |
Affected
| in | Milesight Search vendor "Milesight" | Ur52 Search vendor "Milesight" for product "Ur52" | - | - |
Safe
|
Milesight Search vendor "Milesight" | Ur5x Firmware Search vendor "Milesight" for product "Ur5x Firmware" | < 35.3.0.7 Search vendor "Milesight" for product "Ur5x Firmware" and version " < 35.3.0.7" | - |
Affected
| in | Milesight Search vendor "Milesight" | Ur55 Search vendor "Milesight" for product "Ur55" | - | - |
Safe
|
Milesight Search vendor "Milesight" | Ur32l Firmware Search vendor "Milesight" for product "Ur32l Firmware" | < 35.3.0.7 Search vendor "Milesight" for product "Ur32l Firmware" and version " < 35.3.0.7" | - |
Affected
| in | Milesight Search vendor "Milesight" | Ur32l Search vendor "Milesight" for product "Ur32l" | - | - |
Safe
|
Milesight Search vendor "Milesight" | Ur32 Firmware Search vendor "Milesight" for product "Ur32 Firmware" | < 35.3.0.7 Search vendor "Milesight" for product "Ur32 Firmware" and version " < 35.3.0.7" | - |
Affected
| in | Milesight Search vendor "Milesight" | Ur32 Search vendor "Milesight" for product "Ur32" | - | - |
Safe
|
Milesight Search vendor "Milesight" | Ur35 Firmware Search vendor "Milesight" for product "Ur35 Firmware" | < 35.3.0.7 Search vendor "Milesight" for product "Ur35 Firmware" and version " < 35.3.0.7" | - |
Affected
| in | Milesight Search vendor "Milesight" | Ur35 Search vendor "Milesight" for product "Ur35" | - | - |
Safe
|
Milesight Search vendor "Milesight" | Ur41 Firmware Search vendor "Milesight" for product "Ur41 Firmware" | < 35.3.0.7 Search vendor "Milesight" for product "Ur41 Firmware" and version " < 35.3.0.7" | - |
Affected
| in | Milesight Search vendor "Milesight" | Ur41 Search vendor "Milesight" for product "Ur41" | - | - |
Safe
|