PT-2023-29995 · Loytec Electronics Gmbh · Linx-151+1
Chizuru Toyama
·
Publicado
2023-11-30
·
Atualizado
2024-09-20
·
CVE-2023-46386
CVSS v3.1
7.5
Alta
| Vetor | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
LOYTEC electronics GmbH LINX-212 and LINX-151 devices (all versions)
Description
The issue allows remote attackers to disclose smtp client account credentials and bypass email authentication due to insecure permissions via the registry.xml file.
Recommendations
For all versions, consider restricting access to the registry.xml file to minimize the risk of exploitation.
As a temporary workaround, avoid using the smtp client account credentials in the affected devices until the issue is resolved.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Cleartext Storage of Sensitive Information
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Linx-151
Linx-212