PT-2023-29989 · Loytec · Linx Configurator+6

Chizuru Toyama · Published 2023-11-04 · Updated 2024-10-21 · CVE-2023-46380

CVSS v3.1: 7.5 High

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

LOYTEC LINX-151 (affected versions not specified)
LOYTEC LINX-212 version 6.2.4
LOYTEC LVIS-3ME12-A1 version 6.2.2
LOYTEC LIOB-586 version 6.2.3
LOYTEC LIOB-580 V2 (affected versions not specified)
LOYTEC LIOB-588 (affected versions not specified)
L-INX Configurator devices (all versions)

Description

The issue concerns devices sending password-change requests via cleartext HTTP. This affects various LOYTEC devices, including LINX-151, LINX-212, LVIS-3ME12-A1, LIOB-586, LIOB-580 V2, LIOB-588, and L-INX Configurator devices.

Recommendations

For LOYTEC LINX-151, consider disabling password-change requests via HTTP until a secure method is implemented.
For LOYTEC LINX-212 version 6.2.4, restrict access to password-change functionality until a patch is available.
For LOYTEC LVIS-3ME12-A1 version 6.2.2, avoid using cleartext HTTP for password changes.
For LOYTEC LIOB-586 version 6.2.3, implement HTTPS for password-change requests as a temporary workaround.
For LOYTEC LIOB-580 V2, restrict password-change requests until a secure protocol is used.
For LOYTEC LIOB-588, disable cleartext HTTP for password changes.
For L-INX Configurator devices, consider using a secure connection for password changes.

Fix

Cleartext Transmission of Sensitive Information

Weakness Enumeration

Related Identifiers

CVE-2023-46380

Affected Products

Linx Configurator
Linx-151
Linx-212
Liob-580 V2
Liob-586
Liob-588
Lvis-3Me12-A1