HIGH✓ PATCH🇬🇧 English

CVE-2023-46388

CVSS 7.5v3.1pub. 2023-11-30upd. 2024-11-21

LOYTEC electronics GmbH LINX-212 and LINX-151 devices (all versions) are vulnerable to Insecure Permissions via dpal_config.zml file. This vulnerability allows remote attackers to disclose smtp client account credentials and bypass email authentication.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
  • Loytec Linx 151

    HW
    Loytec
    wszystkie wersje
  • Loytec Linx 151 Firmware

    OS
    Loytec
    7.2.4
  • Loytec Linx 212

    HW
    Loytec
    wszystkie wersje
  • Loytec Linx 212 Firmware

    OS
    Loytec
    6.2.4
🟢
PATCH DOSTĘPNY
Aktualizacja od producenta gotowa. Wdrożenie w ramach standardowego cyklu.
CWE
Referencje

Powiązane podatności

CVE-2023-46386HIGH7.5ten sam produkt

LOYTEC electronics GmbH LINX-212 and LINX-151 devices (all versions) are vulnerable to Insecure Permissions vi...

CVE-2023-46387HIGH7.5ten sam produkt

LOYTEC electronics GmbH LINX-212 and LINX-151 devices (all versions) are vulnerable to Incorrect Access Contro...

CVE-2023-46389HIGH7.5ten sam produkt

LOYTEC electronics GmbH LINX-212 and LINX-151 devices (all versions) are vulnerable to Incorrect Access Contro...

CVE-2023-46380HIGH7.5ten sam produkt

LOYTEC LINX-151, LINX-212, LVIS-3ME12-A1, LIOB-586, LIOB-580 V2, LIOB-588, L-INX Configurator devices (all ver...

CVE-2023-46381HIGH8.2ten sam produkt

LOYTEC LINX-151, LINX-212, LVIS-3ME12-A1, LIOB-586, LIOB-580 V2, LIOB-588, L-INX Configurator devices (all ver...