LOYTEC LINX-151, LINX-212, LVIS-3ME12-A1, LIOB-586, LIOB-580 V2, LIOB-588, L-INX Configurator devices (all versions) lack authentication for the preinstalled version of LWEB-802 via an lweb802_pre/ URI. An unauthenticated attacker can edit any project (or create a new project) and control its GUI.
                
            Metrics
Affected Vendors & Products
References
        History
                    Tue, 26 Nov 2024 22:15:00 +0000
| Type | Values Removed | Values Added | 
|---|---|---|
| Metrics | ssvc 
 | 
Thu, 19 Sep 2024 20:00:00 +0000
| Type | Values Removed | Values Added | 
|---|---|---|
| Description | LOYTEC LINX-212 firmware 6.2.4 and LVIS-3ME12-A1 firmware 6.2.2 and LIOB-586 firmware 6.2.3 devices lack authentication for the preinstalled version of LWEB-802 via an lweb802_pre/ URI. An unauthenticated attacker can edit any project (or create a new project) and control its GUI. | LOYTEC LINX-151, LINX-212, LVIS-3ME12-A1, LIOB-586, LIOB-580 V2, LIOB-588, L-INX Configurator devices (all versions) lack authentication for the preinstalled version of LWEB-802 via an lweb802_pre/ URI. An unauthenticated attacker can edit any project (or create a new project) and control its GUI. | 
| References |  | 
 MITRE
                        MITRE
                    Status: PUBLISHED
Assigner: mitre
Published: 2023-11-04T00:00:00.000Z
Updated: 2025-08-27T20:32:54.237Z
Reserved: 2023-10-23T00:00:00.000Z
Link: CVE-2023-46381
 Vulnrichment
                        Vulnrichment
                    Updated: 2024-08-02T20:45:41.666Z
 NVD
                        NVD
                    Status : Modified
Published: 2023-11-04T23:15:07.957
Modified: 2024-11-21T08:28:24.820
Link: CVE-2023-46381
 Redhat
                        Redhat
                    No data.