Lucene search

[email protected]NVD:CVE-2023-43261

HistoryOct 04, 2023 - 12:15 p.m.

CVE-2023-43261

2023-10-0412:15:10

CWE-532

[email protected]

web.nvd.nist.gov

milesight

routers

v35.3.0.7

information disclosure

security vulnerability

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.2 High

AI Score

Confidence

High

0.007 Low

EPSS

Percentile

80.2%

JSON

An information disclosure in Milesight UR5X, UR32L, UR32, UR35, UR41 before v35.3.0.7 allows attackers to access sensitive router components.

Affected configurations

NVD

Node

milesightur51Match-

milesightur52Match-

milesightur55Match-

AND

milesightur5x_firmwareRange<35.3.0.7

Node

milesightur32lMatch-

AND

milesightur32l_firmwareRange<35.3.0.7

Node

milesightur32Match-

AND

milesightur32_firmwareRange<35.3.0.7

Node

milesightur35Match-

AND

milesightur35_firmwareRange<35.3.0.7

Node

milesightur41_firmwareRange<35.3.0.7

AND

milesightur41Match-

References

milesight.com

packetstormsecurity.com/files/176988/Milesight-UR5X-UR32L-UR32-UR35-UR41-Credential-Leakage.html

ur5x.com

github.com/win3zz/CVE-2023-43261

medium.com/%40win3zz/inside-the-router-how-i-accessed-industrial-routers-and-reported-the-flaws-29c34213dfdf

support.milesight-iot.com/support/home

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.2 High

AI Score

Confidence

High

0.007 Low

EPSS

Percentile

80.2%

JSON

Related for NVD:CVE-2023-43261

prion1 packetstorm1 cvelist1 zdt1 githubexploit1 cve1 nuclei1 exploitdb1 thn1