TXOne Networks
Hero background

CVE-2023-46385

Last Updated: November 27, 2023

Loytec LINX Configurator Cleartext Transmission of Sensitive Information Vulnerability

CVE IDCVE-2023-46385
SeverityHigh
Affected VendorsLOYTEC electronics GmbH
Affected ProductsLINX Configurator 7.4.10
Vulnerability DetailsWhen Loytec LINX Configurator connects to a device, it sends HTTP GET request to login. Since cleartext password is passed as an URL parameter, “password” without sufficient protection, anyone could easily steal credentials if they sniff network traffics. Once obtaining the admin password, attackers could connect and control Loytec devices via LINX configurator. http://<IP>>:<port>/webui/config/system?username=admin&password=&login=Login
Solutions & RulesN/A
CreditChizuru Toyama of TXOne Networks

Questions About This Advisory?

Our PSIRT team is here to help with security-related inquiries.

security@txone.com