Описание
An Insufficient Entropy issue was discovered in LOYTEC LVIS-3ME versions prior to 6.2.0. The application does not utilize sufficiently random number generation for the web interface authentication mechanism, which could allow remote code execution.
Ссылки
- Third Party AdvisoryVDB Entry
- Third Party AdvisoryUS Government Resource
- Third Party AdvisoryVDB Entry
- Third Party AdvisoryUS Government Resource
Уязвимые конфигурации
Конфигурация 1Версия до 6.1.1 (включая)
Одновременно
cpe:2.3:o:loytec:lvis-3me_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:loytec:lvis-3me:-:*:*:*:*:*:*:*
EPSS
Процентиль: 92%
0.0828
Низкий
8.1 High
CVSS3
6.8 Medium
CVSS2
Дефекты
CWE-331
CWE-331
Связанные уязвимости
CVSS3: 8.1
github
больше 3 лет назад
An Insufficient Entropy issue was discovered in LOYTEC LVIS-3ME versions prior to 6.2.0. The application does not utilize sufficiently random number generation for the web interface authentication mechanism, which could allow remote code execution.
EPSS
Процентиль: 92%
0.0828
Низкий
8.1 High
CVSS3
6.8 Medium
CVSS2
Дефекты
CWE-331
CWE-331