ID |
CVE-2023-43261
|
Summary |
An information disclosure in Milesight UR5X, UR32L, UR32, UR35, UR41 before v35.3.0.7 allows attackers to access sensitive router components. |
References |
|
Vulnerable Configurations |
-
cpe:2.3:o:milesight:ur5x_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:milesight:ur5x_firmware:*:*:*:*:*:*:*:*
-
cpe:2.3:h:milesight:ur51:-:*:*:*:*:*:*:*
cpe:2.3:h:milesight:ur51:-:*:*:*:*:*:*:*
-
cpe:2.3:h:milesight:ur52:-:*:*:*:*:*:*:*
cpe:2.3:h:milesight:ur52:-:*:*:*:*:*:*:*
-
cpe:2.3:h:milesight:ur55:-:*:*:*:*:*:*:*
cpe:2.3:h:milesight:ur55:-:*:*:*:*:*:*:*
-
cpe:2.3:o:milesight:ur32l_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:milesight:ur32l_firmware:-:*:*:*:*:*:*:*
-
cpe:2.3:o:milesight:ur32l_firmware:32.3.0.5:*:*:*:*:*:*:*
cpe:2.3:o:milesight:ur32l_firmware:32.3.0.5:*:*:*:*:*:*:*
-
cpe:2.3:h:milesight:ur32l:-:*:*:*:*:*:*:*
cpe:2.3:h:milesight:ur32l:-:*:*:*:*:*:*:*
-
cpe:2.3:o:milesight:ur32_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:milesight:ur32_firmware:-:*:*:*:*:*:*:*
-
cpe:2.3:h:milesight:ur32:-:*:*:*:*:*:*:*
cpe:2.3:h:milesight:ur32:-:*:*:*:*:*:*:*
-
cpe:2.3:o:milesight:ur35_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:milesight:ur35_firmware:-:*:*:*:*:*:*:*
-
cpe:2.3:h:milesight:ur35:-:*:*:*:*:*:*:*
cpe:2.3:h:milesight:ur35:-:*:*:*:*:*:*:*
-
cpe:2.3:o:milesight:ur41_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:milesight:ur41_firmware:-:*:*:*:*:*:*:*
-
cpe:2.3:h:milesight:ur41:-:*:*:*:*:*:*:*
cpe:2.3:h:milesight:ur41:-:*:*:*:*:*:*:*
|
CVSS |
Base: | None |
Impact: | |
Exploitability: | |
|
CWE |
CWE-532 |
CAPEC |
-
Fuzzing and observing application log data/errors for application mapping
An attacker sends random, malformed, or otherwise unexpected messages to a target application and observes the application's log or error messages returned. Fuzzing techniques involve sending random or malformed messages to a target and monitoring the target's response. The attacker does not initially know how a target will respond to individual messages but by attempting a large number of message variants they may find a variant that trigger's desired behavior. In this attack, the purpose of the fuzzing is to observe the application's log and error messages, although fuzzing a target can also sometimes cause the target to enter an unstable state, causing a crash. By observing logs and error messages, the attacker can learn details about the configuration of the target application and might be able to cause the target to disclose sensitive information.
|
Access |
Vector | Complexity | Authentication |
|
|
|
|
Impact |
Confidentiality | Integrity | Availability |
|
|
|
|
Last major update |
05-02-2024 - 17:15 |
Published |
04-10-2023 - 12:15 |
Last modified |
05-02-2024 - 17:15 |