CVE-2023-43261
First published: Wed Oct 04 2023(Updated: )
An information disclosure in Milesight UR5X, UR32L, UR32, UR35, UR41 before v35.3.0.7 allows attackers to access sensitive router components.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Milesight Ur5x Firmware | <35.3.0.7 | |
| Milesight Ur51 | ||
| Milesight Ur52 | ||
| Milesight Ur55 | ||
| Milesight Ur32l Firmware | <35.3.0.7 | |
| Milesight UR32L | ||
| Milesight Ur32 Firmware | <35.3.0.7 | |
| Milesight Ur32 | ||
| Milesight Ur35 Firmware | <35.3.0.7 | |
| Milesight Ur35 | ||
| Milesight Ur41 Firmware | <35.3.0.7 | |
| Milesight Ur41 | ||
| All of | ||
| Milesight Ur5x Firmware | <35.3.0.7 | |
| Any of | ||
| Milesight Ur51 | ||
| Milesight Ur52 | ||
| Milesight Ur55 | ||
| All of | ||
| Milesight Ur32l Firmware | <35.3.0.7 | |
| Milesight UR32L | ||
| All of | ||
| Milesight Ur32 Firmware | <35.3.0.7 | |
| Milesight Ur32 | ||
| All of | ||
| Milesight Ur35 Firmware | <35.3.0.7 | |
| Milesight Ur35 | ||
| All of | ||
| Milesight Ur41 Firmware | <35.3.0.7 | |
| Milesight Ur41 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://milesight.com
- http://ur5x.com
- https://github.com/win3zz/CVE-2023-43261
- https://medium.com/@win3zz/inside-the-router-how-i-accessed-industrial-routers-and-reported-the-flaws-29c34213dfdf
- https://support.milesight-iot.com/support/home
- https://medium.com/%40win3zz/inside-the-router-how-i-accessed-industrial-routers-and-reported-the-flaws-29c34213dfdf
- http://packetstormsecurity.com/files/176988/Milesight-UR5X-UR32L-UR32-UR35-UR41-Credential-Leakage.html
Frequently Asked Questions
What is vulnerability CVE-2023-43261?
Vulnerability CVE-2023-43261 is an information disclosure vulnerability in Milesight UR5X, UR32L, UR32, UR35, UR41 before v35.3.0.7, which allows attackers to access sensitive router components.
Which software versions are affected by CVE-2023-43261?
CVE-2023-43261 affects Milesight UR5X firmware up to v35.3.0.7, Milesight UR32L firmware up to v35.3.0.7, Milesight UR32 firmware up to v35.3.0.7, Milesight UR35 firmware up to v35.3.0.7, and Milesight UR41 firmware up to v35.3.0.7.
What is the severity of vulnerability CVE-2023-43261?
The severity of vulnerability CVE-2023-43261 is high, with a severity rating of 7.5.
How can I fix vulnerability CVE-2023-43261?
To fix vulnerability CVE-2023-43261, Milesight UR5X, UR32L, UR32, UR35, and UR41 routers should be updated to version v35.3.0.7 or higher.
Are Milesight UR51, UR52, UR55, UR32L, UR32, UR35, and UR41 routers vulnerable to CVE-2023-43261?
Milesight UR51, UR52, UR55, UR32L, UR32, UR35, and UR41 routers are not vulnerable to CVE-2023-43261.
- collector/nvd-index
- agent/author
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/references
- agent/weakness
- agent/description
- agent/first-publish-date
- agent/event
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/last-modified-date
- agent/softwarecombine
- collector/epss-latest
- source/FIRST
- agent/tags
- agent/epss
- vendor/milesight
- canonical/milesight ur5x firmware
- canonical/milesight ur51
- canonical/milesight ur52
- canonical/milesight ur55
- canonical/milesight ur32l firmware
- canonical/milesight ur32l
- canonical/milesight ur32 firmware
- canonical/milesight ur32
- canonical/milesight ur35 firmware
- canonical/milesight ur35
- canonical/milesight ur41 firmware
- canonical/milesight ur41