PT-2023-29997 · Loytec Electronics Gmbh · Linx-151+1
Chizuru Toyama
·
Published
2023-11-30
·
Updated
2024-09-20
·
CVE-2023-46388
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
LOYTEC electronics GmbH LINX-212 and LINX-151 devices (all versions)
Description
The issue allows remote attackers to disclose smtp client account credentials and bypass email authentication due to insecure permissions via the dpal config.zml file.
Recommendations
For LINX-212 and LINX-151 devices, restrict access to the dpal config.zml file to prevent remote attackers from disclosing smtp client account credentials and bypassing email authentication. As a temporary workaround, consider restricting the use of the smtp client until a fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Cleartext Storage of Sensitive Information
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Linx-151
Linx-212