Security for everyone

CVE-2023-43261 Scanner

Detects 'Improper Access Control' vulnerability in Milesight UR5X, UR32L, UR32, UR35, UR41 affects v. before 35.3.0.7.

SCAN NOW

Short Info


Level

High

Single Scan

Single Scan

Can be used by

Asset Owner

Estimated Time

10 sec

Scan only one

Url

Source

-

Milesight Industrial Cellular Routers are advanced networking devices that are widely used for mission-critical communication and data transfer between various sensors, devices, and servers in industrial environments. The UR5X, UR32L, UR32, UR35, UR41 are some of the popular models from this product line that offer high-speed wireless connectivity, GPS tracking, and robust security features. These routers are mainly used in applications such as remote monitoring, asset tracking, smart agriculture, transportation, and energy management systems.

However, the security of these routers has recently been compromised by a critical vulnerability identified as CVE-2023-43261. This vulnerability arises due to a misconfiguration that enables directory listing on the router systems, making the log files and their sensitive content publicly accessible. The log files contain crucial information like encrypted admin and other user passwords that can be exploited using the router's web interface. Furthermore, the presence of a hardcoded AES secret key and initialization vector (IV) in the JavaScript code can be exploited to decrypt these passwords, thus allowing unauthorized access to the router.

When exploited, this vulnerability can lead to a wide range of cybersecurity threats to industrial systems and networks. Attackers can gain remote access to the router's management console and modify its configurations, Steal or tamper with sensitive data, render the system unresponsive or shut it down completely. This can result in financial losses, system disruption, and damage to reputation and customer trust.

In conclusion, cybersecurity threats to industrial systems and networks are becoming more sophisticated and widespread, and it is crucial to stay informed and proactive in defending against them. By utilizing platforms like securityforeveryone.com, individuals and organizations can easily learn about, track, and address vulnerabilities in their digital assets, and enhance their overall security posture.

 

REFERENCES

cyber security services for everyone one. Free security tools, continuous vulnerability scanning and many more.
Try it yourself,
control security posture