TXOne Networks
Hero background

CVE-2023-46387

Last Updated: November 27, 2023

Loytec Improper Access Control Information Disclosure Vulnerability

CVE IDCVE-2023-46387
SeverityHigh
Affected VendorsLOYTEC electronics GmbH
Affected ProductsLINX-151, Firmware 7.2.4, LINX-212, firmware 6.2.4
Vulnerability Details‘/var/lib/lgtw/dpal_config.zml’ file is accessible via file download API. ‘dpal_config.wbx’ which is extracted from ‘dpal_config.zml’ includes sensitive configuration information such as smtp client information. Authentication is required to exploit this vulnerability. <http://<IP>>:<port>/DT?filename=/var/lib/lgtw/dpal_config.zml
Solutions & RulesN/A
CreditChizuru Toyama of TXOne Networks

Questions About This Advisory?

Our PSIRT team is here to help with security-related inquiries.

security@txone.com