CVE-2023-46386 — Loytec Use of Hard-coded Password Authentication Bypass Vulnerability

CVE ID: CVE-2023-46386

Publication Date: 2023-11-27

Severity: High

Affected Vendor

LOYTEC electronics GmbH

Affected Products

• LINX-151, Firmware 7.2.4
• LINX-212, Firmware 6.2.4

Vulnerability Description

A registry.xml file contains hard-coded clear text credentials for smtp client account. If an attacker obtains this file, the email account could be compromised. Password should be encrypted.

Solutions & Rules

N/A

Credit

Chizuru Toyama of TXOne Networks