19 matches found
CVE-2023-46388
LOYTEC electronics GmbH LINX-212 and LINX-151 devices all versions are vulnerable to Insecure Permissions via dpalconfig.zml file. This vulnerability allows remote attackers to disclose smtp client account credentials and bypass email authentication...
CVE-2023-46389
LOYTEC electronics GmbH LINX-212 and LINX-151 devices all versions are vulnerable to Incorrect Access Control via registry.xml file. This vulnerability allows remote attackers to disclose sensitive information on LINX configuration...
CVE-2023-46386
LOYTEC electronics GmbH LINX-212 and LINX-151 devices all versions are vulnerable to Insecure Permissions via registry.xml file. This vulnerability allows remote attackers to disclose smtp client account credentials and bypass email authentication...
Remote file inclusion
LOYTEC electronics GmbH LINX-212 firmware 6.2.4 and LINX-151 Firmware 7.2.4 are vulnerable to Incorrect Access Control via registry.xml file. This vulnerability allows remote attackers to disclose sensitive information on LINX configuration...
LOYTEC LINX-212 Security Vulnerability
The LOYTEC LINX-212 is a building controller from LOYTEC. A security vulnerability exists in the LOYTEC LINX-212 version 6.2.4 and LINX-151 version 7.2.4, which stems from a vulnerability that allows an attacker to disclose smtp client account credentials and bypass email authentication via the...
CVE-2023-46387
LOYTEC electronics GmbH LINX-212 and LINX-151 devices all versions are vulnerable to Incorrect Access Control via dpalconfig.zml file. This vulnerability allows remote attackers to disclose sensitive information on Loytec device data point configuration...
LOYTEC LINX-212 Security Vulnerability
The LOYTEC LINX-212 is a building controller from LOYTEC. A security vulnerability exists in the LOYTEC LINX-212 version 6.2.4 and LINX-151 version 7.2.4, which stems from a vulnerability that allows an attacker to disclose sensitive information on the LINX configuration via the registry.xml file...
CVE-2023-46382
LOYTEC LINX-151, LINX-212, LVIS-3ME12-A1, LIOB-586, LIOB-580 V2, LIOB-588, L-INX Configurator devices all versions use cleartext HTTP for login...
CVE-2023-46381
LOYTEC LINX-151, LINX-212, LVIS-3ME12-A1, LIOB-586, LIOB-580 V2, LIOB-588, L-INX Configurator devices all versions lack authentication for the preinstalled version of LWEB-802 via an lweb802pre/ URI. An unauthenticated attacker can edit any project or create a new project and control its GUI...
CVE-2023-46380
LOYTEC LINX-151, LINX-212, LVIS-3ME12-A1, LIOB-586, LIOB-580 V2, LIOB-588, L-INX Configurator devices all versions send password-change requests via cleartext HTTP...
Design/Logic Flaw
LOYTEC LINX-212 firmware 6.2.4 and LVIS-3ME12-A1 firmware 6.2.2 and LIOB-586 firmware 6.2.3 devices use cleartext HTTP for login...
Authentication flaw
LOYTEC LINX-212 firmware 6.2.4 and LVIS-3ME12-A1 firmware 6.2.2 and LIOB-586 firmware 6.2.3 devices lack authentication for the preinstalled version of LWEB-802 via an lweb802pre/ URI. An unauthenticated attacker can edit any project or create a new project and control its GUI...
Design/Logic Flaw
LOYTEC LINX-212 firmware 6.2.4 and LVIS-3ME12-A1 firmware 6.2.2 and LIOB-586 firmware 6.2.3 devices send password-change requests via cleartext HTTP...
CVE-2023-46380
LOYTEC LOYTEC LINX-151, LINX-212, LVIS-3ME12-A1, LIOB-586, LIOB-580 V2, LIOB-588 and L-INX Configurator devices (all versions) are affected by CVE-2023-46380 due to password-change requests being sent in cleartext via HTTP. This enables potential password disclosure over the network (and, per rel...
CVE-2023-46381
LOYTEC LINX-151, LINX-212, LVIS-3ME12-A1, LIOB-586, LIOB-580 V2, LIOB-588, L-INX Configurator devices all versions lack authentication for the preinstalled version of LWEB-802 via an lweb802pre/ URI. An unauthenticated attacker can edit any project or create a new project and control its GUI...
LOYTEC LINX-212 Access Control Error Vulnerability
The LOYTEC LINX-212 is a building controller from LOYTEC. An access control error vulnerability exists in the LOYTEC LINX-212 6.2.4 firmware version, which stems from a lack of authentication on the Web user interface, and can be exploited by an attacker to edit or delete current Web items, chang...
LOYTEC LINX-212 Security Vulnerability
The LOYTEC LINX-212 is a building controller from LOYTEC. A security vulnerability exists in the LOYTEC LINX-212 6.2.4 firmware version that originates when a password change request is transmitted in clear text when sent on the web interface, resulting in information theft and account theft...
LOYTEC LINX-212 Security Vulnerability
LOYTEC LINX-212 is a building controller from LOYTEC. A security vulnerability exists in the LOYTEC LINX-212 6.2.4 firmware version. The vulnerability stems from the fact that the Web user interface requires login credentials for critical information data, debugging, configurations, etc., but the...
CVE-2023-46381
LOYTEC LINX-151, LINX-212, LVIS-3ME12-A1, LIOB-586, LIOB-580 V2, LIOB-588, L-INX Configurator devices all versions lack authentication for the preinstalled version of LWEB-802 via an lweb802pre/ URI. An unauthenticated attacker can edit any project or create a new project and control its GUI...