CVE-2023-46388 — Loytec Use of Hard-coded Password Authentication Bypass Vulnerability

CVE ID: CVE-2023-46388

Publication Date: 2023-11-27

Severity: High

Affected Vendor

LOYTEC electronics GmbH

Affected Products

• LINX-151, Firmware 7.2.4
• LINX-212, Firmware 6.2.4

Vulnerability Description

'dpal_config.wbx' file contains hard-coded clear text credentials for smtp client account. If an attacker succeeds in getting dpal_config.zml file, the email account could be compromised. Password should be encrypted.

Solutions & Rules

N/A

Credit

Chizuru Toyama of TXOne Networks