"Experts Warn of Severe Flaws Affecting Milesight Routers and Titan SFTP Servers"

Milesight's industrial cellular routers may have been actively exploited in real-world attacks, according to new research from VulnCheck. The exploited vulnerability, tracked as CVE-2023-43261, has been described as a case of information disclosure that affects UR5X, UR32L, UR32, UR35, and UR41 routers before version 35.3.0.7. Remote and unauthenticated attackers could gain unauthorized access to the web interface, enabling them to configure Virtual Private Network (VPN) servers and disable firewall protections. As some routers allow the sending and receiving of SMS messages, the severity of this vulnerability increases, according to security researcher Bipin Jitiya, who discovered the issue. An attacker could exploit this functionality to carry out fraudulent activities, potentially causing financial harm to the router's owner. This article continues to discuss the potential exploitation and impact of the vulnerabilities impacting Milesight routers and Titan SFTP servers.

THN reports "Experts Warn of Severe Flaws Affecting Milesight Routers and Titan SFTP Servers"

Submitted by grigby1