CVE-2023-46386

LOYTEC electronics GmbH LINX-212 and LINX-151 devices (all versions) are vulnerable to Insecure Permissions via registry.xml file. This vulnerability allows remote attackers to disclose smtp client account credentials and bypass email authentication.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:loytec:linx-212_firmware:6.2.4:*:*:*:*:*:*:*
cpe:2.3:h:loytec:linx-212:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:loytec:linx-151_firmware:7.2.4:*:*:*:*:*:*:*
cpe:2.3:h:loytec:linx-151:-:*:*:*:*:*:*:*

History

21 Nov 2024, 08:28

Type Values Removed Values Added
References () http://packetstormsecurity.com/files/175952/Loytec-L-INX-Automation-Servers-Information-Disclosure-Cleartext-Secrets.html - Third Party Advisory, VDB Entry () http://packetstormsecurity.com/files/175952/Loytec-L-INX-Automation-Servers-Information-Disclosure-Cleartext-Secrets.html - Third Party Advisory, VDB Entry
References () http://seclists.org/fulldisclosure/2023/Nov/7 - Mailing List, Third Party Advisory () http://seclists.org/fulldisclosure/2023/Nov/7 - Mailing List, Third Party Advisory
References () https://www.txone.com/blog/ten-unpatched-vulnerabilities-in-building-automation-products-identified-by-txone-networks/ - () https://www.txone.com/blog/ten-unpatched-vulnerabilities-in-building-automation-products-identified-by-txone-networks/ -

20 Sep 2024, 17:15

Type Values Removed Values Added
References
  • () https://www.cisa.gov/news-events/ics-advisories/icsa-24-247-01 -
Summary (en) LOYTEC electronics GmbH LINX-212 firmware 6.2.4 and LINX-151 firmware 7.2.4 are vulnerable to Insecure Permissions via registry.xml file. This vulnerability allows remote attackers to disclose smtp client account credentials and bypass email authentication. (en) LOYTEC electronics GmbH LINX-212 and LINX-151 devices (all versions) are vulnerable to Insecure Permissions via registry.xml file. This vulnerability allows remote attackers to disclose smtp client account credentials and bypass email authentication.

14 Dec 2023, 08:15

Type Values Removed Values Added
References
  • () https://www.txone.com/blog/ten-unpatched-vulnerabilities-in-building-automation-products-identified-by-txone-networks/ -

06 Dec 2023, 18:42

Type Values Removed Values Added
References () http://seclists.org/fulldisclosure/2023/Nov/7 - () http://seclists.org/fulldisclosure/2023/Nov/7 - Mailing List, Third Party Advisory
References () http://packetstormsecurity.com/files/175952/Loytec-L-INX-Automation-Servers-Information-Disclosure-Cleartext-Secrets.html - () http://packetstormsecurity.com/files/175952/Loytec-L-INX-Automation-Servers-Information-Disclosure-Cleartext-Secrets.html - Third Party Advisory, VDB Entry
First Time Loytec linx-151 Firmware
Loytec linx-212
Loytec
Loytec linx-212 Firmware
Loytec linx-151
CWE CWE-312
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 7.5
CPE cpe:2.3:h:loytec:linx-212:-:*:*:*:*:*:*:*
cpe:2.3:o:loytec:linx-212_firmware:6.2.4:*:*:*:*:*:*:*
cpe:2.3:o:loytec:linx-151_firmware:7.2.4:*:*:*:*:*:*:*
cpe:2.3:h:loytec:linx-151:-:*:*:*:*:*:*:*

30 Nov 2023, 23:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-11-30 23:15

Updated : 2024-11-21 08:28


NVD link : CVE-2023-46386

Mitre link : CVE-2023-46386

CVE.ORG link : CVE-2023-46386


JSON object : View

Products Affected

loytec

  • linx-212_firmware
  • linx-151
  • linx-212
  • linx-151_firmware
CWE
CWE-312

Cleartext Storage of Sensitive Information