CVE-2023-46387
Last Updated: March 29, 2024
CVE-2023-46387 — Loytec Improper Access Control Information Disclosure Vulnerability
CVE ID: CVE-2023-46387
Publication Date: 2023-11-27
Severity: High
Affected Vendor
LOYTEC electronics GmbH
Affected Products
- LINX-151, Firmware 7.2.4
- LINX-212, Firmware 6.2.4
Vulnerability Description
The file /var/lib/lgtw/dpal_config.zml is accessible through a file download API. When the downloaded file is extracted, the resulting dpal_config.wbx file contains sensitive configuration information, such as SMTP client information.
Access Vector: http://<IP>:<port>/DT?filename=/var/lib/lgtw/dpal_config.zml
Authentication Requirement: Authentication is required to exploit this vulnerability.
Vulnerability Classification: Information Disclosure through Improper Access Control
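Added detection example (not part of the TXOne advisory or of LOYTEC's software): it scans web access logs for requests that ask the /DT endpoint for dpal_config.zml and reports whether each one was served. The Common Log Format layout, the function names and the sample log lines are assumptions constructed for illustration.

```python
import posixpath
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Path and endpoint come from the advisory's access vector.
SENSITIVE_PATH = "/var/lib/lgtw/dpal_config.zml"
ENDPOINT = "/DT"

# Assumption: Common Log Format lines from a reverse proxy or web sensor
# in front of the device; adjust the pattern to the real log source.
CLF = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) '
)

def normalize(value):
    """Undo a second layer of percent-encoding and collapse //, ./ and ../."""
    path = re.sub(r"/+", "/", unquote(value))
    return posixpath.normpath(path)

def find_config_downloads(lines):
    """Return one dict per request that asks /DT for the dpal_config.zml file."""
    hits = []
    for line in lines:
        m = CLF.match(line)
        if not m:
            continue
        url = urlsplit(m.group("target"))
        if unquote(url.path) != ENDPOINT:
            continue
        for raw in parse_qs(url.query).get("filename", []):  # decodes once
            if normalize(raw) == SENSITIVE_PATH:
                hits.append({"src": m.group("src"), "time": m.group("ts"),
                             "status": int(m.group("status")),
                             "served": m.group("status") == "200"})
                break
    return hits

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - admin [27/Nov/2023:10:01:02 +0000] "GET /DT?filename=/var/lib/lgtw/dpal_config.zml HTTP/1.1" 200 4096',
    '192.0.2.11 - - [27/Nov/2023:10:02:10 +0000] "GET /DT?filename=%2Fvar%2Flib%2Flgtw%2Fdpal_config.zml HTTP/1.1" 401 0',
    '192.0.2.12 - operator [27/Nov/2023:10:03:00 +0000] "GET /index.html HTTP/1.1" 200 512',
    '192.0.2.13 - operator [27/Nov/2023:10:04:00 +0000] "GET /DT?filename=/tmp/report.csv HTTP/1.1" 200 100',
]

if __name__ == "__main__":
    for hit in find_config_downloads(SAMPLE_LOG):
        print(hit)
```

A hit with "served" set to true means the file was returned, so the SMTP client settings stored on that device should be treated as disclosed.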
Solutions & Rules
N/A
Credit
Chizuru Toyama of TXOne Networks
Questions About This Advisory?
Our PSIRT team is here to help with security-related inquiries.
psirt@txone.com