CVE-2023-43261

Summary

CVE	CVE-2023-43261
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2023-10-04 12:15:00 UTC
Updated	2024-02-05 17:15:00 UTC
Description	An information disclosure in Milesight UR5X, UR32L, UR32, UR35, UR41 before v35.3.0.7 allows attackers to access sensitive router components.

Risk And Classification

Problem Types: CWE-532

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Hardware	Milesight	Ur32	-	All	All	All
Hardware	Milesight	Ur32l	-	All	All	All
Operating System	Milesight	Ur32l Firmware	All	All	All	All
Operating System	Milesight	Ur32 Firmware	All	All	All	All
Hardware	Milesight	Ur35	-	All	All	All
Operating System	Milesight	Ur35 Firmware	All	All	All	All
Hardware	Milesight	Ur41	-	All	All	All
Operating System	Milesight	Ur41 Firmware	All	All	All	All
Hardware	Milesight	Ur51	-	All	All	All
Hardware	Milesight	Ur52	-	All	All	All
Hardware	Milesight	Ur55	-	All	All	All
Operating System	Milesight	Ur5x Firmware	All	All	All	All

References

Reference	Source	Link	Tags
ur5x.com	MISC	ur5x.com
Support : IoT Support	MISC	support.milesight-iot.com
packetstormsecurity.com/files/176988/Milesight-UR5X-UR32L-UR32-UR35-UR41-Credential-L...		packetstormsecurity.com
GitHub - win3zz/CVE-2023-43261: CVE-2023-43261 - Credential Leakage Through Unprotected System Logs and Weak Password Encryption	MISC	github.com
Milesight \| 5G, AI, IoT and LoRaWAN	MISC	milesight.com
Inside the Router: How I Accessed Industrial Routers and Reported the Flaws \| by Bipin Jitiya \| Oct, 2023 \| Medium		medium.com
Inside the Router: How I Accessed Industrial Routers and Reported the Flaws \| by Bipin Jitiya \| Oct, 2023 \| Medium	MISC	medium.com
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

There are currently no legacy QID mappings associated with this CVE.