
CVE-2023-46383
Last Updated: November 27, 2023
Loytec LINX Configurator Cleartext Transmission of Sensitive Information Vulnerability
| CVE ID | CVE-2023-46383 |
|---|---|
| Severity | High |
| Affected Vendors | LOYTEC electronics GmbH |
| Affected Products | LINX Configurator 7.4.10 |
| Vulnerability Details | Loytec LINX Configurator could be connected to Loytec devices with an administrator credential, and it could configure device settings. Since it uses HTTP Basic Authentication, which transmits usernames and passwords in base64-encoded cleartext, so anyone could easily steal credentials if they sniff network traffics. Once obtaining the admin password, attackers could connect and control Loytec devices via LINX configurator. |
| Solutions & Rules | N/A |
| Credit | Chizuru Toyama of TXOne Networks |
Questions About This Advisory?
Our PSIRT team is here to help with security-related inquiries.
security@txone.com