9 matches found
EUVD-2023-47679
Malicious code in bioql PyPI...
Milesight Routers UR5X, UR32L, UR32, UR35, UR41 - Credential Leakage Through Unprotected System Logs and Weak Password Encryption
!/usr/bin/env python3 -- coding: utf-8 -- """ Title: Credential Leakage Through Unprotected System Logs and Weak Password Encryption CVE: CVE-2023-43261 Script Author: Bipin Jitiya @win3zz Vendor: Milesight IoT - https://www.milesight-iot.com/ Formerly Xiamen Ursalink Technology Co., Ltd...
VulnCheck KEV: CVE-2023-43261
An information disclosure in Milesight UR5X, UR32L, UR32, UR35, UR41 before v35.3.0.7 allows attackers to access sensitive router components...
CVE-2023-43260
Milesight UR5X, UR32L, UR32, UR35, UR41 before v35.3.0.7 was discovered to contain a cross-site scripting XSS vulnerability via the admin panel...
CVE-2023-43260
CVE-2023-43260 affects Milesight UR5X, UR32L, UR32, UR35, UR41 prior to version 35.3.0.7 with an XSS vulnerability exploitable via the admin panel. The vulnerability is documented across multiple feeds (NVD/Red Hat/CVE lists) and is mitigated by upgrading to version 35.3.0.7 or later (per PT-2023...
CVE-2023-43260
Milesight UR5X, UR32L, UR32, UR35, UR41 before v35.3.0.7 was discovered to contain a cross-site scripting XSS vulnerability via the admin panel...
CVE-2023-43261
An information disclosure in Milesight UR5X, UR32L, UR32, UR35, UR41 before v35.3.0.7 allows attackers to access sensitive router components...
Information disclosure
An information disclosure in Milesight UR5X, UR32L, UR32, UR35, UR41 before v35.3.0.7 allows attackers to access sensitive router components...
CVE-2023-43261
CVE-2023-43261 affects Milesight UR5X, UR32L, UR32, UR35, UR41 (pre-35.3.0.7). The issue combines a misconfigured directory listing that exposes log files containing credentials and a hardcoded AES key/IV in JS, enabling access to sensitive router components and passwords. Public PoCs and writeup...