
CVE-2023-46389
Last Updated: November 27, 2023
Loytec Improper Access Control Information Disclosure Vulnerability
| CVE ID | CVE-2023-46389 |
|---|---|
| Severity | High |
| Affected Vendors | LOYTEC electronics GmbH |
| Affected Products | LINX-151, Firmware 7.2.4, LINX-212, firmware 6.2.4 |
| Vulnerability Details | ‘/tmp/registry.xml’ file is accessible via file download API. ‘registry.xml’ includes device configuration information which includes sensitive information such as smtp client information. Authentication is required to exploit this vulnerability. <http://<IP>>:<port>/DT?filename=/tmp/registry.xml |
| Solutions & Rules | N/A |
| Credit | Chizuru Toyama of TXOne Networks |
Questions About This Advisory?
Our PSIRT team is here to help with security-related inquiries.
security@txone.com