LOYTEC LINX-151, LINX-212, LVIS-3ME12-A1, LIOB-586, LIOB-580 V2, LIOB-588, L-INX Configurator devices (all versions) send password-change requests via cleartext HTTP.
7.5CVSS
7.8AI Score
0.001EPSS
LOYTEC LINX-151, LINX-212, LVIS-3ME12-A1, LIOB-586, LIOB-580 V2, LIOB-588, L-INX Configurator devices (all versions) lack authentication for the preinstalled version of LWEB-802 via an lweb802_pre/ URI. An unauthenticated attacker can edit any project (or create a new project) and control its GUI.
8.2CVSS
8.5AI Score
0.001EPSS
LOYTEC LINX-151, LINX-212, LVIS-3ME12-A1, LIOB-586, LIOB-580 V2, LIOB-588, L-INX Configurator devices (all versions) use cleartext HTTP for login.
7.5CVSS
7.8AI Score
0.001EPSS
LOYTEC electronics GmbH LINX-212 and LINX-151 devices (all versions) are vulnerable to Insecure Permissions via registry.xml file. This vulnerability allows remote attackers to disclose smtp client account credentials and bypass email authentication.
7.5CVSS
7.7AI Score
0.002EPSS
LOYTEC electronics GmbH LINX-212 and LINX-151 devices (all versions) are vulnerable to Incorrect Access Control via dpal_config.zml file. This vulnerability allows remote attackers to disclose sensitive information on Loytec device data point configuration.
7.5CVSS
7.5AI Score
0.002EPSS
LOYTEC electronics GmbH LINX-212 and LINX-151 devices (all versions) are vulnerable to Insecure Permissions via dpal_config.zml file. This vulnerability allows remote attackers to disclose smtp client account credentials and bypass email authentication.
7.5CVSS
7.7AI Score
0.002EPSS
LOYTEC electronics GmbH LINX-212 and LINX-151 devices (all versions) are vulnerable to Incorrect Access Control via registry.xml file. This vulnerability allows remote attackers to disclose sensitive information on LINX configuration.
7.5CVSS
7.5AI Score
0.002EPSS