Loytec Improper Access Control Information Disclosure Vulnerability
2023-11-27
| CVE ID | CVE-2023-46389 |
|---|---|
| Severity | High |
| Affected Vendors | LOYTEC electronics GmbH |
| Affected Products | LINX-151, Firmware 7.2.4, LINX-212, firmware 6.2.4 |
| Vulnerability Details | ‘/tmp/registry.xml’ file is accessible via file download API. ‘registry.xml’ includes device configuration information which includes sensitive information such as smtp client information. Authentication is required to exploit this vulnerability. <http://<IP>>:<port>/DT?filename=/tmp/registry.xml |
| Solutions & Rules | N/A |
| Credit | Chizuru Toyama of TXOne Networks |