HIGH✓ PATCH🇵🇱 Wersja polska

CVE-2023-46385

CVSS 7.5v3.1pub. 2023-11-30upd. 2025-11-04

LOYTEC electronics GmbH LINX Configurator (all versions) is vulnerable to Insecure Permissions. An admin credential is passed as a value of URL parameters without encryption, so it allows remote attackers to steal the password and gain full control of Loytec device configuration.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
  • Loytec L Inx Configurator

    APP
    Loytec
    7.4.10
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
CWE
References

Related vulnerabilities

CVE-2023-46383HIGH7.5ten sam produkt

LOYTEC electronics GmbH LINX Configurator (all versions) uses HTTP Basic Authentication, which transmits usern...

CVE-2023-46384HIGH7.5ten sam produkt

LOYTEC electronics GmbH LINX Configurator (all versions) is vulnerable to Insecure Permissions. Cleartext stor...

CVE-2018-14916CRITICAL9.1ten sam vendor

LOYTEC LGATE-902 6.3.2 devices allow Arbitrary file deletion.

CVE-2023-46386HIGH7.5ten sam vendor

LOYTEC electronics GmbH LINX-212 and LINX-151 devices (all versions) are vulnerable to Insecure Permissions vi...

CVE-2023-46387HIGH7.5ten sam vendor

LOYTEC electronics GmbH LINX-212 and LINX-151 devices (all versions) are vulnerable to Incorrect Access Contro...