Lucene search

[email protected]CVE-2023-46381

HistoryNov 04, 2023 - 11:15 p.m.

CVE-2023-46381

2023-11-0423:15:07

CWE-306

[email protected]

web.nvd.nist.gov

loytec

linx-212

lvis-3me12-a1

liob-586

firmware

authentication bypass

nvd

vulnerability

security

unauthenticated access

8.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L

8.4 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

31.3%

JSON

LOYTEC LINX-212 firmware 6.2.4 and LVIS-3ME12-A1 firmware 6.2.2 and LIOB-586 firmware 6.2.3 devices lack authentication for the preinstalled version of LWEB-802 via an lweb802_pre/ URI. An unauthenticated attacker can edit any project (or create a new project) and control its GUI.

Affected configurations

NVD

Node

loyteclinx-212_firmwareMatch6.2.4

AND

loyteclinx-212Match-

Node

loyteclvis-3me12-a1_firmwareMatch6.2.2

AND

loyteclvis-3me12-a1Match-

Node

loytecliob-586_firmwareMatch6.2.3

AND

loytecliob-586Match-

CPENameOperatorVersion
loytec:linx-212_firmwareloytec linx-212 firmwareeq6.2.4

CPE	Name	Operator	Version
loytec:linx-212_firmware	loytec linx-212 firmware	eq	6.2.4

References

packetstormsecurity.com/files/175646/LOYTEC-Electronics-Insecure-Transit-Insecure-Permissions-Unauthenticated-Access.html

seclists.org/fulldisclosure/2023/Nov/0

www.txone.com/blog/ten-unpatched-vulnerabilities-in-building-automation-products-identified-by-txone-networks/

8.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L

8.4 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

31.3%

JSON

Related for CVE-2023-46381

prion1 nvd1 cvelist1 packetstorm1 zdt1