TXOne Networks
Hero background

CVE-2023-46381

Last Updated: November 3, 2023

Loytec LWEB-802 Mising Authentication Vulnerability

CVE IDCVE-2023-46381
SeverityHigh
Affected VendorsLOYTEC electronics GmbH
Affected ProductsLINX-212 firmware 6.2.4, LVIS-3ME12-A1 firmware 6.2.2, LIOB-586 firmware 6.2.3
Vulnerability DetailsAuthentication is missing on the web user interface for the preinstalled version of LWEB-802. If there is a project on a device, an unauthenticated user could create a new project on a web and access/control a graphical interface. An unauthenticated user also could edit or delete a current web project, change settings and delete system logs etc… <http://<IP>>:<port>/lweb802_pre/
Solutions & RulesN/A
CreditChizuru Toyama of TXOne Networks

Questions About This Advisory?

Our PSIRT team is here to help with security-related inquiries.

security@txone.com