Loytec Improper Access Control Information Disclosure Vulnerability
2023-11-27
| CVE ID | CVE-2023-46387 |
|---|---|
| Severity | High |
| Affected Vendors | LOYTEC electronics GmbH |
| Affected Products | LINX-151, firmware 7.2.4; LINX-212, firmware 6.2.4 |
| Vulnerability Details | The file ‘/var/lib/lgtw/dpal_config.zml’ is accessible via the file download API. ‘dpal_config.wbx’, which is extracted from ‘dpal_config.zml’, includes sensitive configuration information such as SMTP client information. Authentication is required to exploit this vulnerability. Request: `http://<IP>:<port>/DT?filename=/var/lib/lgtw/dpal_config.zml` |
| Solutions & Rules | N/A |
| Credit | Chizuru Toyama of TXOne Networks |
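
Because the advisory lists no rule, here is a detection sketch, added as an example and not taken from the advisory or the vendor: it scans web access logs for requests that download this file through `/DT`. The Combined Log Format (as written by a proxy in front of the device), the sample lines and all function names are assumptions.

```python
import posixpath
import re
from urllib.parse import parse_qs, unquote, urlsplit

TARGET_FILE = "/var/lib/lgtw/dpal_config.zml"  # path named in the advisory
# Assumed log layout: Combined Log Format from a proxy in front of the device.
LOG_RE = re.compile(r'^(?P<src>\S+) \S+ (?P<user>\S+) \[[^\]]+\] '
                    r'"[A-Z]+ (?P<target>\S+) [^"]*" (?P<status>\d{3})')

def normalise(path):
    """Undo nested percent-encoding, then collapse '//', '.' and '..'."""
    for _ in range(3):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return "/" + posixpath.normpath(path).lstrip("/")

def is_config_download(target):
    """True if the request target asks /DT for the dpal_config.zml file."""
    parts = urlsplit(target)
    if parts.path != "/DT":
        return False
    names = parse_qs(parts.query, keep_blank_values=True).get("filename", [])
    return any(normalise(n) == TARGET_FILE for n in names)

def find_hits(lines):
    """Return (source, user, status) for every matching log line."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if m and is_config_download(m["target"]):
            hits.append((m["src"], m["user"], int(m["status"])))
    return hits

# Constructed sample lines (documentation addresses, invented user name).
SAMPLE = [
    '192.0.2.10 - operator [27/Nov/2023:10:00:01 +0000] '
    '"GET /DT?filename=/var/lib/lgtw/dpal_config.zml HTTP/1.1" 200 4096',
    '192.0.2.11 - operator [27/Nov/2023:10:00:05 +0000] '
    '"GET /DT?filename=%2Fvar%2Flib%2Flgtw%2Fdpal_config.zml HTTP/1.1" 200 4096',
    '192.0.2.12 - - [27/Nov/2023:10:00:09 +0000] '
    '"GET /DT?filename=/var/lib/lgtw/./dpal_config.zml HTTP/1.1" 401 0',
    '192.0.2.13 - operator [27/Nov/2023:10:00:12 +0000] "GET /index.html HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    for src, user, status in find_hits(SAMPLE):
        print(f"{src} user={user} status={status} requested {TARGET_FILE}")
```

A hit with status 200 means the file was served, so the SMTP client information it contains should be treated as disclosed.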