Loytec LWEB-802 Mising Authentication Vulnerability
2023-11-03
CVE ID | CVE-2023-46381 |
---|---|
Severity | High |
Affected Vendors | LOYTEC electronics GmbH |
Affected Products | LINX-212 firmware 6.2.4, LVIS-3ME12-A1 firmware 6.2.2, LIOB-586 firmware 6.2.3 |
Vulnerability Details | Authentication is missing on the web user interface for the preinstalled version of LWEB-802. If there is a project on a device, an unauthenticated user could create a new project on a web and access/control a graphical interface. An unauthenticated user also could edit or delete a current web project, change settings and delete system logs etc… <http://<IP>>:<port>/lweb802_pre/ |
Solutions & Rules | N/A |
Credit | Chizuru Toyama of TXOne Networks |