CVE-2023-43261

high-risk

Published 2023-10-04

An information disclosure in Milesight UR5X, UR32L, UR32, UR35, UR41 before v35.3.0.7 allows attackers to access sensitive router components.

Do I need to act?

!

93.1% chance of exploitation in next 30 days

EPSS score — higher than 7% of all CVEs

-

Not on CISA KEV list

No confirmed active exploitation reported to CISA

?

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

7

CVSS 7.5/10 High

NETWORK / LOW complexity

Affected Products (5)

Ur5X Firmware

Ur32L Firmware

Ur32 Firmware

Ur35 Firmware

Ur41 Firmware

Affected Vendors

Milesight

References (12)

Product http://milesight.com

http://packetstormsecurity.com/files/176988/Milesight-UR5X-UR32L-UR32-UR35-UR41-...

Broken Link http://ur5x.com

Exploit https://github.com/win3zz/CVE-2023-43261

https://medium.com/%40win3zz/inside-the-router-how-i-accessed-industrial-routers...

Product https://support.milesight-iot.com/support/home

Product http://milesight.com

http://packetstormsecurity.com/files/176988/Milesight-UR5X-UR32L-UR32-UR35-UR41-...

Broken Link http://ur5x.com

Exploit https://github.com/win3zz/CVE-2023-43261

https://medium.com/%40win3zz/inside-the-router-how-i-accessed-industrial-routers...

Product https://support.milesight-iot.com/support/home

58

/ 100

high-risk

Severity 26/34 · High

Exploitability 20/34 · Moderate

Exposure 12/34 · Low