Lucene search

K
cve[email protected]CVE-2023-46385
HistoryNov 30, 2023 - 11:15 p.m.

CVE-2023-46385

2023-11-3023:15:07
CWE-319
web.nvd.nist.gov
8
cve-2023-46385
loytec electronics
linx configurator
insecure permissions
remote attack
credential theft

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

41.3%

LOYTEC electronics GmbH LINX Configurator 7.4.10 is vulnerable to Insecure Permissions. An admin credential is passed as a value of URL parameters without encryption, so it allows remote attackers to steal the password and gain full control of Loytec device configuration.

Affected configurations

NVD
Node
loytecl-inx_configuratorMatch7.4.10

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

41.3%

Related for CVE-2023-46385