Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Linx\-212_firmware
(Loytec)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 7 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2023-11-04 | CVE-2023-46380 | LOYTEC LINX-151, LINX-212, LVIS-3ME12-A1, LIOB-586, LIOB-580 V2, LIOB-588, L-INX Configurator devices (all versions) send password-change requests via cleartext HTTP. | Linx\-212_firmware, Liob\-586_firmware, Lvis\-3me12\-A1_firmware | 7.5 | ||
| 2023-11-30 | CVE-2023-46386 | LOYTEC electronics GmbH LINX-212 and LINX-151 devices (all versions) are vulnerable to Insecure Permissions via registry.xml file. This vulnerability allows remote attackers to disclose smtp client account credentials and bypass email authentication. | Linx\-151_firmware, Linx\-212_firmware | 7.5 | ||
| 2023-11-30 | CVE-2023-46387 | LOYTEC electronics GmbH LINX-212 and LINX-151 devices (all versions) are vulnerable to Incorrect Access Control via dpal_config.zml file. This vulnerability allows remote attackers to disclose sensitive information on Loytec device data point configuration. | Linx\-151_firmware, Linx\-212_firmware | 7.5 | ||
| 2023-11-30 | CVE-2023-46388 | LOYTEC electronics GmbH LINX-212 and LINX-151 devices (all versions) are vulnerable to Insecure Permissions via dpal_config.zml file. This vulnerability allows remote attackers to disclose smtp client account credentials and bypass email authentication. | Linx\-151_firmware, Linx\-212_firmware | 7.5 | ||
| 2023-11-30 | CVE-2023-46389 | LOYTEC electronics GmbH LINX-212 and LINX-151 devices (all versions) are vulnerable to Incorrect Access Control via registry.xml file. This vulnerability allows remote attackers to disclose sensitive information on LINX configuration. | Linx\-151_firmware, Linx\-212_firmware | 7.5 | ||
| 2023-11-04 | CVE-2023-46381 | LOYTEC LINX-151, LINX-212, LVIS-3ME12-A1, LIOB-586, LIOB-580 V2, LIOB-588, L-INX Configurator devices (all versions) lack authentication for the preinstalled version of LWEB-802 via an lweb802_pre/ URI. An unauthenticated attacker can edit any project (or create a new project) and control its GUI. | Linx\-212_firmware, Liob\-586_firmware, Lvis\-3me12\-A1_firmware | 8.2 | ||
| 2023-11-04 | CVE-2023-46382 | LOYTEC LINX-151, LINX-212, LVIS-3ME12-A1, LIOB-586, LIOB-580 V2, LIOB-588, L-INX Configurator devices (all versions) use cleartext HTTP for login. | Linx\-212_firmware, Liob\-586_firmware, Lvis\-3me12\-A1_firmware | 7.5 |