LOYTEC LINX-151, LINX-212, LVIS-3ME12-A1, LIOB-586, LIOB-580 V2, LIOB-588, L-INX Configurator devices (all versions) lack authentication for the preinstalled version of LWEB-802 via an lweb802_pre/ URI. An unauthenticated attacker can edit any project (or create a new project) and control its GUI.
Metrics
Affected Vendors & Products
References
History
Tue, 26 Nov 2024 22:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Thu, 19 Sep 2024 20:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | LOYTEC LINX-212 firmware 6.2.4 and LVIS-3ME12-A1 firmware 6.2.2 and LIOB-586 firmware 6.2.3 devices lack authentication for the preinstalled version of LWEB-802 via an lweb802_pre/ URI. An unauthenticated attacker can edit any project (or create a new project) and control its GUI. | LOYTEC LINX-151, LINX-212, LVIS-3ME12-A1, LIOB-586, LIOB-580 V2, LIOB-588, L-INX Configurator devices (all versions) lack authentication for the preinstalled version of LWEB-802 via an lweb802_pre/ URI. An unauthenticated attacker can edit any project (or create a new project) and control its GUI. |
References |
|
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2023-11-04T00:00:00
Updated: 2024-11-26T21:31:15.792Z
Reserved: 2023-10-23T00:00:00
Link: CVE-2023-46381
Vulnrichment
Updated: 2024-08-02T20:45:41.666Z
NVD
Status : Modified
Published: 2023-11-04T23:15:07.957
Modified: 2024-11-21T08:28:24.820
Link: CVE-2023-46381
Redhat
No data.