Loytec
Recent CVEs
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-13996 | | High | 0.57 | 8.8 | 0.03 | | Oct 5, 2017 | A Relative Path Traversal issue was discovered in LOYTEC LVIS-3ME versions prior to 6.2.0. The web user interface fails to prevent access to critical files that non administrative users should not have access to, which could allow an attacker to create or modify files or execute… |
| CVE-2017-13992 | | High | 0.53 | 8.1 | 0.04 | | Oct 5, 2017 | An Insufficient Entropy issue was discovered in LOYTEC LVIS-3ME versions prior to 6.2.0. The application does not utilize sufficiently random number generation for the web interface authentication mechanism, which could allow remote code execution. |
| CVE-2017-13998 | | High | 0.49 | 7.5 | 0.01 | | Oct 5, 2017 | An Insufficiently Protected Credentials issue was discovered in LOYTEC LVIS-3ME versions prior to 6.2.0. The application does not sufficiently protect sensitive information from unauthorized access. |
| CVE-2017-13994 | | Medium | 0.40 | 6.1 | 0.01 | | Oct 5, 2017 | A Cross-site Scripting issue was discovered in LOYTEC LVIS-3ME versions prior to 6.2.0. The web interface lacks proper web request validation, which could allow XSS attacks to occur if an authenticated user of the web interface is tricked into clicking a malicious link. |
| CVE-2018-14916 | | | 0.05 | — | 0.17 | | Jun 28, 2019 | LOYTEC LGATE-902 6.3.2 devices allow Arbitrary file deletion. |
| CVE-2018-14918 | | | 0.05 | — | 0.18 | | Jun 28, 2019 | LOYTEC LGATE-902 6.3.2 devices allow Directory Traversal. |
| CVE-2023-46383 | | | 0.00 | — | 0.01 | | Nov 30, 2023 | LOYTEC electronics GmbH LINX Configurator (all versions) uses HTTP Basic Authentication, which transmits usernames and passwords in base64-encoded cleartext and allows remote attackers to steal the password and gain full control of Loytec device configuration. |
| CVE-2023-46389 | | | 0.00 | — | 0.02 | | Nov 30, 2023 | LOYTEC electronics GmbH LINX-212 and LINX-151 devices (all versions) are vulnerable to Incorrect Access Control via registry.xml file. This vulnerability allows remote attackers to disclose sensitive information on LINX configuration. |
| CVE-2023-46384 | | | 0.00 | — | 0.02 | | Nov 30, 2023 | LOYTEC electronics GmbH LINX Configurator (all versions) is vulnerable to Insecure Permissions. Cleartext storage of credentials allows remote attackers to disclose admin password and bypass an authentication to login Loytec device. |
| CVE-2023-46387 | | | 0.00 | — | 0.02 | | Nov 30, 2023 | LOYTEC electronics GmbH LINX-212 and LINX-151 devices (all versions) are vulnerable to Incorrect Access Control via dpal_config.zml file. This vulnerability allows remote attackers to disclose sensitive information on Loytec device data point configuration. |
| CVE-2023-46386 | | | 0.00 | — | 0.02 | | Nov 30, 2023 | LOYTEC electronics GmbH LINX-212 and LINX-151 devices (all versions) are vulnerable to Insecure Permissions via registry.xml file. This vulnerability allows remote attackers to disclose smtp client account credentials and bypass email authentication. |
| CVE-2023-46385 | | | 0.00 | — | 0.01 | | Nov 30, 2023 | LOYTEC electronics GmbH LINX Configurator (all versions) is vulnerable to Insecure Permissions. An admin credential is passed as a value of URL parameters without encryption, so it allows remote attackers to steal the password and gain full control of Loytec device configuration. |
| CVE-2023-46388 | | | 0.00 | — | 0.02 | | Nov 30, 2023 | LOYTEC electronics GmbH LINX-212 and LINX-151 devices (all versions) are vulnerable to Insecure Permissions via dpal_config.zml file. This vulnerability allows remote attackers to disclose smtp client account credentials and bypass email authentication. |
| CVE-2023-46382 | | | 0.00 | — | 0.03 | | Nov 4, 2023 | LOYTEC LINX-151, LINX-212, LVIS-3ME12-A1, LIOB-586, LIOB-580 V2, LIOB-588, L-INX Configurator devices (all versions) use cleartext HTTP for login. |
| CVE-2023-46380 | | | 0.00 | — | 0.03 | | Nov 4, 2023 | LOYTEC LINX-151, LINX-212, LVIS-3ME12-A1, LIOB-586, LIOB-580 V2, LIOB-588, L-INX Configurator devices (all versions) send password-change requests via cleartext HTTP. |
| CVE-2023-46381 | | | 0.00 | — | 0.07 | | Nov 4, 2023 | LOYTEC LINX-151, LINX-212, LVIS-3ME12-A1, LIOB-586, LIOB-580 V2, LIOB-588, L-INX Configurator devices (all versions) lack authentication for the preinstalled version of LWEB-802 via an lweb802_pre/ URI. An unauthenticated attacker can edit any project (or create a new project)… |
| CVE-2018-14919 | | | 0.00 | — | 0.02 | | Jun 28, 2019 | LOYTEC LGATE-902 6.3.2 devices allow XSS. |
| CVE-2015-7906 | | | 0.00 | — | 0.02 | | Dec 21, 2015 | LOYTEC LIP-3ECTB 6.0.1, LINX-100, LVIS-3E100, and LIP-ME201 devices allow remote attackers to read a password-hash backup file via unspecified vectors. |