7.5

CVE-2023-43261

Exploit
An information disclosure in Milesight UR5X, UR32L, UR32, UR35, UR41 before v35.3.0.7 allows attackers to access sensitive router components.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MilesightUr5x Firmware Version < 35.3.0.7
   MilesightUr51 Version-
   MilesightUr52 Version-
   MilesightUr55 Version-
MilesightUr32l Firmware Version < 35.3.0.7
   MilesightUr32l Version-
MilesightUr32 Firmware Version < 35.3.0.7
   MilesightUr32 Version-
MilesightUr35 Firmware Version < 35.3.0.7
   MilesightUr35 Version-
MilesightUr41 Firmware Version < 35.3.0.7
   MilesightUr41 Version-
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 60.11% 0.99
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CWE-532 Insertion of Sensitive Information into Log File

The product writes sensitive information to a log file.

http://milesight.com
Product
http://packetstormsecurity.com/files/176988/Milesight-UR5X-UR32L-UR32-UR35-UR41-Credential-Leakage.html
http://ur5x.com
Broken Link
Not Applicable
https://github.com/win3zz/CVE-2023-43261
Third Party Advisory
Exploit
https://medium.com/%40win3zz/inside-the-router-how-i-accessed-industrial-routers-and-reported-the-flaws-29c34213dfdf
https://support.milesight-iot.com/support/home
Product