Details of VAR-202310-0004

ID

VAR-202310-0004

CVE

CVE-2023-43261

DESCRIPTION

An information disclosure in Milesight UR5X, UR32L, UR32, UR35, UR41 before v35.3.0.7 allows attackers to access sensitive router components.

Trust: 1.0

sources: NVD: CVE-2023-43261

AFFECTED PRODUCTS

vendor:	milesight	model:	ur32l	scope:	lt	version:	35.3.0.7	Trust: 1.0
vendor:	milesight	model:	ur32	scope:	lt	version:	35.3.0.7	Trust: 1.0
vendor:	milesight	model:	ur35	scope:	lt	version:	35.3.0.7	Trust: 1.0
vendor:	milesight	model:	ur5x	scope:	lt	version:	35.3.0.7	Trust: 1.0
vendor:	milesight	model:	ur41	scope:	lt	version:	35.3.0.7	Trust: 1.0

sources: NVD: CVE-2023-43261

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2023-43261
value:	HIGH
Trust: 1.0

nvd@nist.gov:	CVE-2023-43261
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0

sources: NVD: CVE-2023-43261

PROBLEMTYPE DATA

problemtype:

CWE-532

Trust: 1.0

sources: NVD: CVE-2023-43261

PATCH

title:

url:

https://github.com/win3zz/CVE-2023-43261

Trust: 0.1

sources: VULMON: CVE-2023-43261

EXTERNAL IDS

db:	NVD	id:	CVE-2023-43261	Trust: 1.1
db:	PACKETSTORM	id:	176988	Trust: 1.0
db:	VULMON	id:	CVE-2023-43261	Trust: 0.1

sources: VULMON: CVE-2023-43261 // NVD: CVE-2023-43261

REFERENCES

url:	https://github.com/win3zz/cve-2023-43261	Trust: 1.1
url:	http://milesight.com	Trust: 1.0
url:	http://packetstormsecurity.com/files/176988/milesight-ur5x-ur32l-ur32-ur35-ur41-credential-leakage.html	Trust: 1.0
url:	http://ur5x.com	Trust: 1.0
url:	https://medium.com/%40win3zz/inside-the-router-how-i-accessed-industrial-routers-and-reported-the-flaws-29c34213dfdf	Trust: 1.0
url:	https://support.milesight-iot.com/support/home	Trust: 1.0

sources: VULMON: CVE-2023-43261 // NVD: CVE-2023-43261

SOURCES

db:	VULMON	id:	CVE-2023-43261
db:	NVD	id:	CVE-2023-43261

LAST UPDATE DATE

2024-08-14T13:19:47.879000+00:00

SOURCES UPDATE DATE

db:

NVD

id:

CVE-2023-43261

date:

2024-02-05T17:15:08.780

SOURCES RELEASE DATE

db:

NVD

id:

CVE-2023-43261

date:

2023-10-04T12:15:10.627