CVE-2023-46381

Published Nov 4, 2023

Last updated 2 months ago

CVSS high 8.2

Overview

Description: LOYTEC LINX-151, LINX-212, LVIS-3ME12-A1, LIOB-586, LIOB-580 V2, LIOB-588, L-INX Configurator devices (all versions) lack authentication for the preinstalled version of LWEB-802 via an lweb802_pre/ URI. An unauthenticated attacker can edit any project (or create a new project) and control its GUI.
Source: cve@mitre.org
NVD status: Modified

Risk scores

CVSS 3.1

Type: Primary
Base score: 8.2
Impact score: 4.2
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L
Severity: HIGH

Weaknesses

nvd@nist.gov: CWE-306

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:loytec:linx-212_firmware:6.2.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0C622E98-9108-440E-B554-EBE91708B534"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:loytec:linx-212:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "35956253-8D61-434C-9C03-96E6C69FB9C1"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:loytec:lvis-3me12-a1_firmware:6.2.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "338AF9A1-BD5E-4955-B9F2-BF38F1D33660"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:loytec:lvis-3me12-a1:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "D31C7C60-0476-43F9-9471-1976F569B9DE"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:loytec:liob-586_firmware:6.2.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1B2AE346-27B5-45B0-9DF9-AE4DF99377D8"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:loytec:liob-586:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "798F75E0-8B29-4F1B-BBB8-82B97CBC7138"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References