TXOne Networks
Hero background

CVE-2023-46389

Last Updated: November 27, 2023

Loytec Improper Access Control Information Disclosure Vulnerability

CVE IDCVE-2023-46389
SeverityHigh
Affected VendorsLOYTEC electronics GmbH
Affected ProductsLINX-151, Firmware 7.2.4, LINX-212, firmware 6.2.4
Vulnerability Details‘/tmp/registry.xml’ file is accessible via file download API. ‘registry.xml’ includes device configuration information which includes sensitive information such as smtp client information. Authentication is required to exploit this vulnerability. <http://<IP>>:<port>/DT?filename=/tmp/registry.xml
Solutions & RulesN/A
CreditChizuru Toyama of TXOne Networks

Questions About This Advisory?

Our PSIRT team is here to help with security-related inquiries.

security@txone.com