Lvis-3me CVEs and Security Vulnerabilities

Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (7 CVEs found)

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2023-46381	1 Loytec	6 Linx-212, Linx-212 Firmware, Liob-586 and 3 more	2025-08-27	8.2 High
LOYTEC LINX-151, LINX-212, LVIS-3ME12-A1, LIOB-586, LIOB-580 V2, LIOB-588, L-INX Configurator devices (all versions) lack authentication for the preinstalled version of LWEB-802 via an lweb802_pre/ URI. An unauthenticated attacker can edit any project (or create a new project) and control its GUI.
CVE-2023-46380	1 Loytec	10 L-inx Configurator, Linx-151, Linx-212 and 7 more	2025-08-27	7.5 High
LOYTEC LINX-151, LINX-212, LVIS-3ME12-A1, LIOB-586, LIOB-580 V2, LIOB-588, L-INX Configurator devices (all versions) send password-change requests via cleartext HTTP.
CVE-2017-13998	1 Loytec	2 Lvis-3me, Lvis-3me Firmware	2025-04-20	N/A
An Insufficiently Protected Credentials issue was discovered in LOYTEC LVIS-3ME versions prior to 6.2.0. The application does not sufficiently protect sensitive information from unauthorized access.
CVE-2017-13996	1 Loytec	2 Lvis-3me, Lvis-3me Firmware	2025-04-20	N/A
A Relative Path Traversal issue was discovered in LOYTEC LVIS-3ME versions prior to 6.2.0. The web user interface fails to prevent access to critical files that non administrative users should not have access to, which could allow an attacker to create or modify files or execute arbitrary code.
CVE-2017-13994	1 Loytec	2 Lvis-3me, Lvis-3me Firmware	2025-04-20	N/A
A Cross-site Scripting issue was discovered in LOYTEC LVIS-3ME versions prior to 6.2.0. The web interface lacks proper web request validation, which could allow XSS attacks to occur if an authenticated user of the web interface is tricked into clicking a malicious link.
CVE-2017-13992	1 Loytec	2 Lvis-3me, Lvis-3me Firmware	2025-04-20	N/A
An Insufficient Entropy issue was discovered in LOYTEC LVIS-3ME versions prior to 6.2.0. The application does not utilize sufficiently random number generation for the web interface authentication mechanism, which could allow remote code execution.
CVE-2023-46382	1 Loytec	6 Linx-212, Linx-212 Firmware, Liob-586 and 3 more	2024-11-21	7.5 High
LOYTEC LINX-151, LINX-212, LVIS-3ME12-A1, LIOB-586, LIOB-580 V2, LIOB-588, L-INX Configurator devices (all versions) use cleartext HTTP for login.

Page 1 of 1.