Описание
LOYTEC LINX-151, LINX-212, LVIS-3ME12-A1, LIOB-586, LIOB-580 V2, LIOB-588, L-INX Configurator devices (all versions) lack authentication for the preinstalled version of LWEB-802 via an lweb802_pre/ URI. An unauthenticated attacker can edit any project (or create a new project) and control its GUI.
Ссылки
- Third Party Advisory
- Mailing ListThird Party Advisory
- Third Party Advisory
- Mailing ListThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
Одновременно
cpe:2.3:o:loytec:linx-212_firmware:6.2.4:*:*:*:*:*:*:*
cpe:2.3:h:loytec:linx-212:-:*:*:*:*:*:*:*
Конфигурация 2
Одновременно
cpe:2.3:o:loytec:lvis-3me12-a1_firmware:6.2.2:*:*:*:*:*:*:*
cpe:2.3:h:loytec:lvis-3me12-a1:-:*:*:*:*:*:*:*
Конфигурация 3
Одновременно
cpe:2.3:o:loytec:liob-586_firmware:6.2.3:*:*:*:*:*:*:*
cpe:2.3:h:loytec:liob-586:-:*:*:*:*:*:*:*
EPSS
Процентиль: 35%
0.00142
Низкий
8.2 High
CVSS3
Дефекты
CWE-306
Связанные уязвимости
CVSS3: 8.2
github
больше 2 лет назад
LOYTEC LINX-212 firmware 6.2.4 and LVIS-3ME12-A1 firmware 6.2.2 and LIOB-586 firmware 6.2.3 devices lack authentication for the preinstalled version of LWEB-802 via an lweb802_pre/ URI. An unauthenticated attacker can edit any project (or create a new project) and control its GUI.
EPSS
Процентиль: 35%
0.00142
Низкий
8.2 High
CVSS3
Дефекты
CWE-306