CVE-2023-46385

Name of the Vulnerable Software and Affected Versions LOYTEC electronics GmbH LINX Configurator (all versions)

Description The issue concerns insecure permissions where an admin credential is passed as a value of URL parameters without encryption. This allows remote attackers to steal the password and gain full control of the Loytec device configuration.

Recommendations For all versions, consider restricting access to the LINX Configurator to minimize the risk of exploitation. As a temporary workaround, avoid using the LINX Configurator until a fix is available. At the moment, there is no information about a newer version that contains a fix for this issue.