A serious flaw (CVE-2023-43261, CVSS 7.5) has been discovered in Milesight routers prior to version 35.3.0.7. Affected models include the UR5X, UR32L, UR32, UR35 and UR41.

The flaw opens a pathway for unauthorized access, leading to potential compromises of records and web dashboards. An attacker, suspected to be from France, Lithuania, or Norway, attempted to breach six systems, and succeeded in four.

Interestingly, these breaches resulted from credentials found in httpd.log. For more information, refer to the National Vulnerability Database.

A further concern is that 5% of a total of 5,500 internet-exposed Milesight routers run potentially vulnerable firmware versions. To limit further exposure, companies must create new login credentials and make sure no router interfaces are reachable from the internet. Details that help in understanding this vulnerability are available on GitHub.
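
To act on that guidance across a fleet, the added example below (not code from Milesight or the original researcher) triages a device inventory against the affected models and the fixed version 35.3.0.7 named above. The CSV layout, hostnames, sample versions and status labels are constructed assumptions.

```python
import csv
import io

# Values taken from the advisory text above.
AFFECTED_MODELS = {"UR5X", "UR32L", "UR32", "UR35", "UR41"}
FIXED_VERSION = (35, 3, 0, 7)

# Constructed sample inventory; hostnames and versions are made up.
SAMPLE_INVENTORY = """host,model,firmware,internet_exposed
rtr-plant-01,UR32L,35.3.0.5,yes
rtr-plant-02,UR35,35.3.0.7,yes
rtr-depot-01,UR41,35.2.0.41-r2,no
rtr-depot-02,UR75,35.3.0.6,yes
rtr-lab-01,UR32,unknown,yes
"""

def parse_version(text):
    """Return the dotted version as a tuple of ints, or None if unparseable."""
    core = text.strip().split("-", 1)[0]   # drop a suffix such as "-r2"
    parts = core.split(".")
    if not all(p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)

def triage(inventory_csv):
    """Map each host to out-of-scope, ok, patch, patch-urgent or verify."""
    results = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        host = row["host"]
        if row["model"].strip().upper() not in AFFECTED_MODELS:
            results[host] = "out-of-scope"   # model not named in the advisory
            continue
        version = parse_version(row["firmware"])
        exposed = row["internet_exposed"].strip().lower() == "yes"
        if version is None:
            results[host] = "verify"         # unknown firmware: check by hand
        elif version < FIXED_VERSION:
            # Below the fixed release: update, rotate credentials, and
            # treat internet-exposed units first.
            results[host] = "patch-urgent" if exposed else "patch"
        else:
            results[host] = "ok"
    return results

if __name__ == "__main__":
    for name, status in triage(SAMPLE_INVENTORY).items():
        print(f"{name}: {status}")
```

Devices reported as `verify` have a firmware string the script cannot parse and need a manual check before they are considered safe.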

Separately, Titan MFT and Titan SFTP servers, products by South River Technologies, exhibit security flaws that could grant remote superuser access if the configurations are non-standard. They may not be exploited on a large scale, but Rapid7 highlights these vulnerabilities as a crucial concern, which underlines the importance of securing configurations diligently.

October 19, 2023
A vulnerability (CVE-2023-43261) in Milesight routers prior to version 35.3.0.7 allows unauthorized access. In addition, 5% of a total of 5,500 internet-exposed Milesight routers are a concern. Titan MFT and Titan SFTP servers also exhibit potential security loopholes.