Numerous severe vulnerabilities have been reported to affect Milesight industrial cellular routers and South River Technologies' Titan MFT and Titan SFTP servers, according to The Hacker News.
Attacks leveraging the Milesight information disclosure flaw, tracked as CVE-2023-43261, have been underway, according to VulnCheck Chief Technology Officer Jacob Baines, who noted that intrusions against six systems were discovered earlier this month.
The bug, discovered and reported by researcher Bipin Jitiya, could be exploited to access sensitive credentials, which could then be used for further fraudulent activities.
"If you have a Milesight Industrial Cellular Router, it's probably wise to assume all the credentials on the system have been compromised and to simply generate new ones, and ensure no interfaces are reachable via the internet," said Baines.
Meanwhile, numerous flaws affecting Titan MFT and Titan SFTP servers, tracked as CVE-2023-45685 through CVE-2023-45690, could be abused to gain remote superuser access, a report from Rapid7 showed.
"However, all issues are post-authentication and require non-default configurations and are therefore unlikely to see wide scale exploitation," said Rapid7.
Milesight routers, Titan SFTP servers impacted by severe bugs