CVE-2023-43261 Scanner
Detects 'Improper Access Control' vulnerability in Milesight UR5X, UR32L, UR32, UR35, UR41 affects v. before 35.3.0.7.
Short Info
Level
High
Single Scan
Single Scan
Can be used by
Asset Owner
Estimated Time
10 sec
Scan only one
Url
Toolbox
-
Milesight Industrial Cellular Routers are advanced networking devices that are widely used for mission-critical communication and data transfer between various sensors, devices, and servers in industrial environments. The UR5X, UR32L, UR32, UR35, UR41 are some of the popular models from this product line that offer high-speed wireless connectivity, GPS tracking, and robust security features. These routers are mainly used in applications such as remote monitoring, asset tracking, smart agriculture, transportation, and energy management systems.
However, the security of these routers has recently been compromised by a critical vulnerability identified as CVE-2023-43261. This vulnerability arises due to a misconfiguration that enables directory listing on the router systems, making the log files and their sensitive content publicly accessible. The log files contain crucial information like encrypted admin and other user passwords that can be exploited using the router's web interface. Furthermore, the presence of a hardcoded AES secret key and initialization vector (IV) in the JavaScript code can be exploited to decrypt these passwords, thus allowing unauthorized access to the router.
When exploited, this vulnerability can lead to a wide range of cybersecurity threats to industrial systems and networks. Attackers can gain remote access to the router's management console and modify its configurations, Steal or tamper with sensitive data, render the system unresponsive or shut it down completely. This can result in financial losses, system disruption, and damage to reputation and customer trust.
In conclusion, cybersecurity threats to industrial systems and networks are becoming more sophisticated and widespread, and it is crucial to stay informed and proactive in defending against them. By utilizing platforms like securityforeveryone.com, individuals and organizations can easily learn about, track, and address vulnerabilities in their digital assets, and enhance their overall security posture.
REFERENCES
control security posture