LOYTEC LINX-151, LINX-212, LVIS-3ME12-A1, LIOB-586, LIOB-580 V2, LIOB-588, L-INX Configurator devices (all versions) lack authentication for the preinstalled version of LWEB-802 via an lweb802_pre/ URI. An unauthenticated attacker can edit any project (or create a new project) and control its GUI.
References
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
History
19 Sep 2024, 20:15
Type | Values Removed | Values Added |
---|---|---|
Summary | (en) LOYTEC LINX-151, LINX-212, LVIS-3ME12-A1, LIOB-586, LIOB-580 V2, LIOB-588, L-INX Configurator devices (all versions) lack authentication for the preinstalled version of LWEB-802 via an lweb802_pre/ URI. An unauthenticated attacker can edit any project (or create a new project) and control its GUI. | |
References |
|
14 Dec 2023, 08:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
16 Nov 2023, 16:13
Type | Values Removed | Values Added |
---|---|---|
References | () http://packetstormsecurity.com/files/175646/LOYTEC-Electronics-Insecure-Transit-Insecure-Permissions-Unauthenticated-Access.html - Third Party Advisory | |
References | (MISC) https://seclists.org/fulldisclosure/2023/Nov/0 - Mailing List, Third Party Advisory | |
CPE | cpe:2.3:o:loytec:liob-586_firmware:6.2.3:*:*:*:*:*:*:* cpe:2.3:h:loytec:lvis-3me12-a1:-:*:*:*:*:*:*:* cpe:2.3:o:loytec:linx-212_firmware:6.2.4:*:*:*:*:*:*:* cpe:2.3:h:loytec:linx-212:-:*:*:*:*:*:*:* cpe:2.3:h:loytec:liob-586:-:*:*:*:*:*:*:* cpe:2.3:o:loytec:lvis-3me12-a1_firmware:6.2.2:*:*:*:*:*:*:* |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.2 |
First Time |
Loytec linx-212
Loytec lvis-3me12-a1 Loytec Loytec liob-586 Loytec linx-212 Firmware Loytec lvis-3me12-a1 Firmware Loytec liob-586 Firmware |
|
CWE | CWE-306 |
14 Nov 2023, 03:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
04 Nov 2023, 23:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-11-04 23:15
Updated : 2024-09-19 20:15
NVD link : CVE-2023-46381
Mitre link : CVE-2023-46381
CVE.ORG link : CVE-2023-46381
JSON object : View
Products Affected
loytec
- lvis-3me12-a1
- linx-212
- liob-586_firmware
- liob-586
- lvis-3me12-a1_firmware
- linx-212_firmware
CWE
CWE-306
Missing Authentication for Critical Function