LOYTEC LINX-151, LINX-212, LVIS-3ME12-A1, LIOB-586, LIOB-580 V2, LIOB-588, L-INX Configurator devices (all versions) lack authentication for the preinstalled version of LWEB-802 via an lweb802_pre/ URI. An unauthenticated attacker can edit any project (or create a new project) and control its GUI.
Advisories

No advisories yet.

Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Tue, 26 Nov 2024 22:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 19 Sep 2024 20:00:00 +0000

Type Values Removed Values Added
Description LOYTEC LINX-212 firmware 6.2.4 and LVIS-3ME12-A1 firmware 6.2.2 and LIOB-586 firmware 6.2.3 devices lack authentication for the preinstalled version of LWEB-802 via an lweb802_pre/ URI. An unauthenticated attacker can edit any project (or create a new project) and control its GUI. LOYTEC LINX-151, LINX-212, LVIS-3ME12-A1, LIOB-586, LIOB-580 V2, LIOB-588, L-INX Configurator devices (all versions) lack authentication for the preinstalled version of LWEB-802 via an lweb802_pre/ URI. An unauthenticated attacker can edit any project (or create a new project) and control its GUI.
References

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2025-08-27T20:32:54.237Z

Reserved: 2023-10-23T00:00:00.000Z

Link: CVE-2023-46381

cve-icon Vulnrichment

Updated: 2024-08-02T20:45:41.666Z

cve-icon NVD

Status : Modified

Published: 2023-11-04T23:15:07.957

Modified: 2024-11-21T08:28:24.820

Link: CVE-2023-46381

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.