Milesight Industrial Router Vulnerability Possibly Exploited in Attacks

A vulnerability in industrial routers made by Chinese company Milesight may have been exploited in attacks. The vulnerability exposes system log files containing passwords, which can be used by attackers to gain unauthorized access. Security firm VulnCheck discovered evidence of small-scale exploitation of the vulnerability. While Milesight claims to have released patches, some devices still appear to be running vulnerable firmware versions. The hacker in the observed attacks did not make changes to the compromised systems but went through settings and status pages, suggesting reconnaissance.