HIGH✓ PATCH🇬🇧 English

CVE-2023-46381

CVSS 8.2v3.1pub. 2023-11-04upd. 2025-11-04

LOYTEC LINX-151, LINX-212, LVIS-3ME12-A1, LIOB-586, LIOB-580 V2, LIOB-588, L-INX Configurator devices (all versions) lack authentication for the preinstalled version of LWEB-802 via an lweb802_pre/ URI. An unauthenticated attacker can edit any project (or create a new project) and control its GUI.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L
  • Loytec Linx 212

    HW
    Loytec
    wszystkie wersje
  • Loytec Linx 212 Firmware

    OS
    Loytec
    6.2.4
  • Loytec Liob 586

    HW
    Loytec
    wszystkie wersje
  • Loytec Liob 586 Firmware

    OS
    Loytec
    6.2.3
  • Loytec Lvis 3me12 A1

    HW
    Loytec
    wszystkie wersje
  • Loytec Lvis 3me12 A1 Firmware

    OS
    Loytec
    6.2.2
🟢
PATCH DOSTĘPNY
Aktualizacja od producenta gotowa. Wdrożenie w ramach standardowego cyklu.
Tagi
Auth Bypass
CWE
Referencje

Powiązane podatności

CVE-2023-46386HIGH7.5ten sam produkt

LOYTEC electronics GmbH LINX-212 and LINX-151 devices (all versions) are vulnerable to Insecure Permissions vi...

CVE-2023-46387HIGH7.5ten sam produkt

LOYTEC electronics GmbH LINX-212 and LINX-151 devices (all versions) are vulnerable to Incorrect Access Contro...

CVE-2023-46388HIGH7.5ten sam produkt

LOYTEC electronics GmbH LINX-212 and LINX-151 devices (all versions) are vulnerable to Insecure Permissions vi...

CVE-2023-46389HIGH7.5ten sam produkt

LOYTEC electronics GmbH LINX-212 and LINX-151 devices (all versions) are vulnerable to Incorrect Access Contro...

CVE-2023-46380HIGH7.5ten sam produkt

LOYTEC LINX-151, LINX-212, LVIS-3ME12-A1, LIOB-586, LIOB-580 V2, LIOB-588, L-INX Configurator devices (all ver...