Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2023-43261

EPSS 93.14% · P100
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2023-43261

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
An information disclosure in Milesight UR5X, UR32L, UR32, UR35, UR41 before v35.3.0.7 allows attackers to access sensitive router components.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Milesight 日志信息泄露漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Milesight是中国星纵物联(Milesight)公司的一个完整的人工智能视频监控解决方案。 Milesight UR5X、UR32L、UR32、UR35、UR41 、Industrial Cellular Routers v35.3.0.7 之前版本存在日志信息泄露漏洞,该漏洞源于允许攻击者访问敏感路由器组件。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Shenlong Deep Dive — AI Deep Analysis

10-question deep dive: root cause, exploitation, mitigation, urgency. Read summary free, full version requires login.

Read summary Full analysis (login)

Affected Products

VendorProductAffected VersionsCPESubscribe
-n/a n/a -

II. Public POCs for CVE-2023-43261

#POC DescriptionSource LinkShenlong Link
1CVE-2023-43261 - Credential Leakage Through Unprotected System Logs and Weak Password Encryptionhttps://github.com/win3zz/CVE-2023-43261POC Details
2A critical security vulnerability has been identified in Milesight Industrial Cellular Routers, compromising the security of sensitive credentials and permitting unauthorized access. This vulnerability stems from a misconfiguration that results in directory listing being enabled on the router systems, rendering log files publicly accessible. These log files, while containing sensitive information such as admin and other user passwords (encrypted as a security measure), can be exploited by attackers via the router's web interface. The presence of a hardcoded AES secret key and initialization vector (IV) in the JavaScript code further exacerbates the situation, facilitating the decryption of these passwords. This chain of vulnerabilities allows malicious actors to gain unauthorized access to the router. https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2023/CVE-2023-43261.yamlPOC Details
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2023-43261

登录查看更多情报信息。

Same Patch Batch · n/a · 2023-10-04 · 15 CVEs total

CVE-2023-226188.1 HIGHNokia WaveLite 安全漏洞
CVE-2023-33617.7 HIGHS3 credentials included when exporting elyra notebook
CVE-2023-18326.8 MEDIUMImproper authorization check in the server component
CVE-2022-41325.9 MEDIUMMemory leak on tls connections
CVE-2023-31535.3 MEDIUMService monitor mac flow is not rate limited
CVE-2023-43838Personal Management System 代码问题漏洞
CVE-2023-27121Pleasant Solutions Pleasant Password Server 跨站脚本漏洞
CVE-2023-36619Atos Unify OpenScape 输入验证错误漏洞
CVE-2023-36618Atos Unify OpenScape 操作系统命令注入漏洞
CVE-2023-44075PHPGurukul Small CRM 跨站脚本漏洞
CVE-2023-43877RiteCMS 跨站脚本漏洞
CVE-2023-43321Digital China Networks DCFW-1800-SDC 代码问题漏洞
CVE-2023-40299Insomnia 安全漏洞
CVE-2023-35803Extreme Networks IQ Engine 安全漏洞

IV. Related Vulnerabilities

Same product: n/a
Same vendor: n/a

V. Comments for CVE-2023-43261

No comments yet

Leave a comment