{"id":"CVE-2023-43261","details":"An information disclosure in Milesight UR5X, UR32L, UR32, UR35, UR41 before v35.3.0.7 allows attackers to access sensitive router components.","modified":"2026-05-04T08:44:30.839870Z","published":"2023-10-04T12:15:10.627Z","withdrawn":"2026-05-04T08:44:30.839870Z","references":[{"type":"WEB","url":"https://support.milesight-iot.com/support/home"},{"type":"WEB","url":"http://milesight.com"},{"type":"WEB","url":"http://packetstormsecurity.com/files/176988/Milesight-UR5X-UR32L-UR32-UR35-UR41-Credential-Leakage.html"},{"type":"WEB","url":"http://ur5x.com"},{"type":"WEB","url":"https://medium.com/%40win3zz/inside-the-router-how-i-accessed-industrial-routers-and-reported-the-flaws-29c34213dfdf"},{"type":"EVIDENCE","url":"https://github.com/win3zz/CVE-2023-43261"}],"affected":[{"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-43261.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"fixed":"35.3.0.7"}]},{"events":[{"introduced":"0"},{"fixed":"35.3.0.7"}]},{"events":[{"introduced":"0"},{"fixed":"35.3.0.7"}]},{"events":[{"introduced":"0"},{"fixed":"35.3.0.7"}]},{"events":[{"introduced":"0"},{"fixed":"35.3.0.7"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}]}