This text discusses two separate sets of security vulnerabilities in different products. The first, a single flaw in Milesight industrial cellular routers [2] [5], lets unauthenticated attackers read sensitive information, including credentials. The second is a group of flaws in South River Technologies’ Titan MFT and Titan SFTP servers that could grant remote superuser access.

Description

A high-severity flaw [4], tracked as CVE-2023-43261 and rated CVSS 7.5, has been discovered in Milesight industrial cellular routers [1]. It affects the UR5X, UR32L [4], UR32 [4], UR35 [4] and UR41 models running firmware versions earlier than 35.3.0.7 [1]. The flaw is an information disclosure [1] [2] [5]: a remote [1], unauthenticated attacker can retrieve sensitive log files from the router, and the credentials recorded in those logs are enough to log in to the routers’ web interface [1] [2]. Recent findings suggest the vulnerability may already have been exploited in the wild by an unknown threat actor [1]. Login attempts from IP addresses in France [2], Lithuania [2] and Norway have been observed, and on most of the affected systems the attacker authenticated successfully using credentials taken from the httpd.log file [2]. Roughly 5% of internet-exposed Milesight routers are estimated to run a vulnerable firmware version [1] [2]. Because the log exposure is unauthenticated, owners of these routers should assume that every credential configured on them has been compromised and rotate them all [1], not just patch. Note also that some of these routers can send and receive SMS messages, a capability an attacker with web-interface access could abuse for fraud [2].
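Two checks a defender would want after reading the above are (a) whether a given router's firmware is below the fixed version and (b) whether any client read httpd.log without authenticating and then logged in. The following is an added example, not code from the original article, from Milesight or from the researchers cited; the web-server access-log format, the /lang/log/httpd.log path and the /cgi login endpoint are assumptions used only to make the example runnable, and the log lines are constructed.

```python
import re
from collections import defaultdict

# Fixed firmware version and affected models as stated in the article.
FIXED_VERSION = "35.3.0.7"
AFFECTED_MODELS = {"UR5X", "UR32L", "UR32", "UR35", "UR41"}


def parse_version(version: str) -> tuple:
    """Turn '35.3.0.7' into (35, 3, 0, 7) so versions compare numerically."""
    return tuple(int(part) for part in version.strip().split("."))


def is_vulnerable_firmware(model: str, version: str) -> bool:
    """True when the model is in the affected list and firmware < 35.3.0.7."""
    if model.upper() not in AFFECTED_MODELS:
        return False
    return parse_version(version) < parse_version(FIXED_VERSION)


# Assumed Common Log Format: ip ident user [time] "METHOD path proto" status bytes
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) \S+" (?P<status>\d{3}) \S+'
)

# Constructed sample access log (RFC 5737 documentation addresses).
SAMPLE_LOG = """\
203.0.113.10 - - [17/Oct/2023:09:12:03 +0000] "GET /lang/log/httpd.log HTTP/1.1" 200 48211
203.0.113.10 - - [17/Oct/2023:09:12:41 +0000] "POST /cgi HTTP/1.1" 200 512
198.51.100.7 - - [17/Oct/2023:10:01:15 +0000] "GET / HTTP/1.1" 200 1340
192.0.2.55 - - [17/Oct/2023:10:05:00 +0000] "GET /lang/log/httpd.log HTTP/1.1" 200 48211
192.0.2.55 - - [17/Oct/2023:10:05:20 +0000] "POST /cgi HTTP/1.1" 401 128
"""


def detect_log_harvest_then_login(log_text: str, login_path: str = "/cgi") -> dict:
    """Per source IP, report 'log_read' if it fetched httpd.log successfully,
    upgraded to 'log_read_then_login' if the same IP later posted a login
    to login_path (assumed endpoint) and received HTTP 200."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that do not match the assumed format
        events[m["ip"]].append((m["method"], m["path"], int(m["status"])))

    findings = {}
    for ip, evs in events.items():
        fetched_log = False
        for method, path, status in evs:  # events are kept in log order
            if method == "GET" and path.endswith("httpd.log") and status == 200:
                fetched_log = True
                findings[ip] = "log_read"
            elif fetched_log and method == "POST" and path == login_path and status == 200:
                findings[ip] = "log_read_then_login"
    return findings


if __name__ == "__main__":
    print(is_vulnerable_firmware("UR32L", "35.3.0.6"))   # pre-fix firmware
    print(is_vulnerable_firmware("UR32", "35.3.0.7"))    # fixed version
    for ip, verdict in detect_log_harvest_then_login(SAMPLE_LOG).items():
        print(ip, verdict)
```

Any IP that reads httpd.log is worth treating as having the credentials, whether or not a login follows; the sequence match only raises the priority of the alert. Rotating credentials after such a read is the step the article's advice calls for.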

In addition to the Milesight vulnerability, Rapid7 has disclosed several security flaws in South River Technologies’ Titan MFT and Titan SFTP servers [5]. Chained together, these could give an attacker remote superuser access. Widespread exploitation is considered unlikely, however, because the flaws depend on non-default configurations [5].

Conclusion

The Milesight vulnerability poses a significant risk because it exposes sensitive router data, including the credentials needed to log in to the web interface, to anyone who can reach that interface. A compromised router can become a foothold into the Industrial Control System (ICS) networks behind it, putting at risk industrial automation [3], self-service kiosks [3], traffic lighting [3], smart grid assets [3], medical equipment [3] and retail infrastructure [3]. To mitigate this risk, administrators should update affected routers to firmware 35.3.0.7 or later, rotate every credential configured on them, and avoid exposing the management interface directly to the internet. The vulnerabilities in South River Technologies’ servers, while potentially granting remote superuser access, are less likely to be widely exploited because they require non-default configurations; administrators of those servers should nonetheless review their configuration and apply the vendor's fixes.

References

[1] https://cybermaterial.com/industrial-router-vulnerability-exploited/
[2] https://vulners.com/thn/THN:CD0F6DC980CE10A3567228154404BA57
[3] https://angle.ankura.com/post/102iq96/ankura-ctix-flash-update-october-17-2023
[4] https://cyber.vumetric.com/security-news/2023/10/17/experts-warn-of-severe-flaws-affecting-milesight-routers-and-titan-sftp-servers/
[5] https://thehackernews.com/2023/10/experts-warn-of-severe-flaws-affecting.html