Loytec LWEB-802 Mising Authentication Vulnerability
2023-11-03
| CVE ID | CVE-2023-46381 |
|---|---|
| Severity | High |
| Affected Vendors | LOYTEC electronics GmbH |
| Affected Products | LINX-212 firmware 6.2.4, LVIS-3ME12-A1 firmware 6.2.2, LIOB-586 firmware 6.2.3 |
| Vulnerability Details | Authentication is missing on the web user interface for the preinstalled version of LWEB-802. If there is a project on a device, an unauthenticated user could create a new project on a web and access/control a graphical interface. An unauthenticated user also could edit or delete a current web project, change settings and delete system logs etc… <http://<IP>>:<port>/lweb802_pre/ |
| Solutions & Rules | N/A |
| Credit | Chizuru Toyama of TXOne Networks |