LOYTEC electronics GmbH LINX-212 and LINX-151 devices (all versions) are vulnerable to Insecure Permissions via dpal_config.zml file. This vulnerability allows remote attackers to disclose smtp client account credentials and bypass email authentication.
References
Configurations
History
20 Sep 2024, 17:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Summary | (en) LOYTEC electronics GmbH LINX-212 and LINX-151 devices (all versions) are vulnerable to Insecure Permissions via dpal_config.zml file. This vulnerability allows remote attackers to disclose smtp client account credentials and bypass email authentication. |
14 Dec 2023, 08:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
06 Dec 2023, 18:41
Type | Values Removed | Values Added |
---|---|---|
References | () http://seclists.org/fulldisclosure/2023/Nov/7 - Mailing List, Third Party Advisory | |
References | () http://packetstormsecurity.com/files/175952/Loytec-L-INX-Automation-Servers-Information-Disclosure-Cleartext-Secrets.html - Third Party Advisory, VDB Entry | |
CWE | CWE-312 | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.5 |
CPE | cpe:2.3:o:loytec:linx-151_firmware:7.2.4:*:*:*:*:*:*:* cpe:2.3:h:loytec:linx-151:-:*:*:*:*:*:*:* cpe:2.3:h:loytec:linx-212:-:*:*:*:*:*:*:* cpe:2.3:o:loytec:linx-212_firmware:6.2.4:*:*:*:*:*:*:* |
30 Nov 2023, 23:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-11-30 23:15
Updated : 2024-09-20 17:15
NVD link : CVE-2023-46388
Mitre link : CVE-2023-46388
CVE.ORG link : CVE-2023-46388
JSON object : View
Products Affected
loytec
- linx-151
- linx-212_firmware
- linx-151_firmware
- linx-212
CWE
CWE-312
Cleartext Storage of Sensitive Information