SB20231004126 - Information disclosure in Milesight Routers
Published: October 4, 2023 Updated: October 2, 2025
Security Bulletin ID
SB20231004126
Severity
Medium
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Remote access
Highest impact
Information disclosure
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Inclusion of Sensitive Information in Log Files (CVE-ID: CVE-2023-43261)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to software stores sensitive information into log files. A remote attacker can read the log files and gain access to sensitive data.
Remediation
Install update from vendor's website.
References
- http://milesight.com
- http://packetstormsecurity.com/files/176988/Milesight-UR5X-UR32L-UR32-UR35-UR41-Credential-Leakage.html
- http://ur5x.com
- https://github.com/win3zz/CVE-2023-43261
- https://medium.com/%40win3zz/inside-the-router-how-i-accessed-industrial-routers-and-reported-the-flaws-29c34213dfdf
- https://support.milesight-iot.com/support/home