PT-2023-29997 · Loytec Electronics Gmbh · Linx-151+1
Chizuru Toyama
·
Publicado
2023-11-30
·
Atualizado
2024-09-20
·
CVE-2023-46388
CVSS v3.1
7.5
Alta
| Vetor | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
LOYTEC electronics GmbH LINX-212 and LINX-151 devices (all versions)
Description
The issue allows remote attackers to disclose smtp client account credentials and bypass email authentication due to insecure permissions via the dpal config.zml file.
Recommendations
For LINX-212 and LINX-151 devices, restrict access to the dpal config.zml file to prevent remote attackers from disclosing smtp client account credentials and bypassing email authentication. As a temporary workaround, consider restricting the use of the smtp client until a fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Cleartext Storage of Sensitive Information
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Linx-151
Linx-212