CVE-2023-46389
Last Updated: March 29, 2024
CVE-2023-46389 — Loytec Improper Access Control Information Disclosure Vulnerability
CVE ID: CVE-2023-46389
Publication Date: 2023-11-27
Severity: High
Affected Vendor
LOYTEC electronics GmbH
Affected Products
- LINX-151, Firmware 7.2.4
- LINX-212, Firmware 6.2.4
Vulnerability Description
/tmp/registry.xml file is accessible via file download API. The registry.xml file contains device configuration information including sensitive data such as SMTP client information.
Access Vector: http://<IP>:<port>/DT?filename=/tmp/registry.xml
Authentication Requirement: Authentication is required to exploit this vulnerability.
Solutions & Rules
N/A
Credit
Chizuru Toyama of TXOne Networks
Questions About This Advisory?
Our PSIRT team is here to help with security-related inquiries.
psirt@txone.com