Mitigating CVE-2023-43261's Threat to Industrial Routers

Summary

A serious vulnerability, CVE-2023-43261, has been discovered in certain industrial routers manufactured by Chinese IoT and video surveillance product maker Milesight, particularly affecting several UR-series industrial cellular routers. This vulnerability allows unauthorized remote attackers to access sensitive system log files, including 'httpd.log', potentially compromising security.

Impact Assessment

CVE-2023-43261 exposes system log files, particularly 'httpd.log', which contain encrypted passwords for administrators and other users. While the passwords are encrypted, they can be decrypted easily, allowing remote, unauthenticated attackers to gain unauthorized access to the targeted device. This vulnerability primarily impacts the confidentiality of sensitive data.

What It Means for You

If you or your organization uses these Milesight industrial routers, this vulnerability presents a significant security risk. Successful exploitation could lead to unauthorized access to critical devices and networks. While patches have been available for some time, it's crucial for businesses to ensure their devices are updated and security measures are in place.

Access Point Technology Recommends

To mitigate the risk associated with CVE-2023-43261, organizations are advised to take the following steps:

1. Patch Management: Ensure that the firmware of the affected Milesight routers is updated to the latest, patched version. Review and apply patches as necessary.
2. Security Assessment: Conduct a security assessment to identify any unauthorized access or suspicious activities on your network. Review log files for signs of exploitation.
3. Credential Reset: Assume that all credentials on the affected routers may have been compromised. Reset passwords and credentials for all users, especially administrators. Encourage users to choose strong, unique passwords.
4. Access Control: Implement strong access control policies and limit remote access to essential personnel. Ensure that routers and sensitive devices are not directly exposed to the public internet whenever possible.
5. Monitoring and Detection: Deploy network monitoring and intrusion detection systems to detect unusual or unauthorized access attempts. Set up alerts for any suspicious activities.
6. Incident Response Plan: Develop or update an incident response plan to handle security incidents promptly and effectively.

By following these remediation steps, organizations can reduce the risk associated with CVE-2023-43261, protect the confidentiality of sensitive data, and maintain the security of their industrial router deployments.

Additional Information

1. The vulnerability has likely been exploited in the wild, albeit not at a large scale.
2. The CVE description may not accurately report the affected router models and firmware versions.
3. CVE-2023-43261 was patched years ago, and organizations are urged to update their firmware promptly.
4. Stay vigilant, prioritize security updates, and ensure your industrial router devices remain secure from potential threats related to CVE-2023-43261.

Associated Bulletins

https://www.securityweek.com/milesight-industrial-router-vulnerability-possibly-exploited-in-attacks/

https://vulncheck.com/blog/real-world-cve-2023-43261

https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-43261