LOYTEC LINX-151, LINX-212, LVIS-3ME12-A1, LIOB-586, LIOB-580 V2, LIOB-588, L-INX Configurator devices (all versions) lack authentication for the preinstalled version of LWEB-802 via an lweb802_pre/ URI. An unauthenticated attacker can edit any project (or create a new project) and control its GUI.
History

Tue, 26 Nov 2024 22:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 19 Sep 2024 20:00:00 +0000

Type Values Removed Values Added
Description LOYTEC LINX-212 firmware 6.2.4 and LVIS-3ME12-A1 firmware 6.2.2 and LIOB-586 firmware 6.2.3 devices lack authentication for the preinstalled version of LWEB-802 via an lweb802_pre/ URI. An unauthenticated attacker can edit any project (or create a new project) and control its GUI. LOYTEC LINX-151, LINX-212, LVIS-3ME12-A1, LIOB-586, LIOB-580 V2, LIOB-588, L-INX Configurator devices (all versions) lack authentication for the preinstalled version of LWEB-802 via an lweb802_pre/ URI. An unauthenticated attacker can edit any project (or create a new project) and control its GUI.
References

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2023-11-04T00:00:00

Updated: 2024-11-26T21:31:15.792Z

Reserved: 2023-10-23T00:00:00

Link: CVE-2023-46381

cve-icon Vulnrichment

Updated: 2024-08-02T20:45:41.666Z

cve-icon NVD

Status : Modified

Published: 2023-11-04T23:15:07.957

Modified: 2024-11-21T08:28:24.820

Link: CVE-2023-46381

cve-icon Redhat

No data.