PT-2023-29991 · Loytec · Loytec Linx-151+6

Chizuru Toyama · Published 2023-11-04 · Updated 2024-09-19 · CVE-2023-46382

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

LOYTEC LINX-151 (affected versions not specified)
LOYTEC LINX-212 version 6.2.4
LOYTEC LVIS-3ME12-A1 version 6.2.2
LOYTEC LIOB-586 version 6.2.3
LOYTEC LIOB-580 V2 (affected versions not specified)
LOYTEC LIOB-588 (affected versions not specified)
L-INX Configurator devices (all versions)

Description

The issue concerns the use of cleartext HTTP for login by various LOYTEC devices. This means that login credentials are transmitted without encryption, potentially allowing them to be intercepted by an attacker.

Recommendations

For LOYTEC LINX-151, consider disabling cleartext HTTP login until a secure alternative is implemented.
For LOYTEC LINX-212 version 6.2.4, restrict login to use only encrypted connections.
For LOYTEC LVIS-3ME12-A1 version 6.2.2, avoid using cleartext HTTP for login.
For LOYTEC LIOB-586 version 6.2.3, use a secure connection for login.
For LOYTEC LIOB-580 V2, implement a secure login mechanism.
For LOYTEC LIOB-588, disable cleartext HTTP login.
For L-INX Configurator devices, use encrypted connections for login.

Fix

Weakness Enumeration

Cleartext Transmission of Sensitive Information

Related Identifiers

CVE-2023-46382

Affected Products

Linx Configurator
Loytec Linx-151
Loytec Linx-212
Loytec Liob-580
Loytec Liob-586
Loytec Liob-588
Loytec Lvis-3Me12-A1