Unauthenticated Remote Control Vulnerability in LOYTEC LINX-212, LVIS-3ME12-A1, and LIOB-586 Devices via LWEB-802

CVE-2023-46381 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L

LOYTEC LINX-212 firmware 6.2.4, LVIS-3ME12-A1 firmware 6.2.2, and LIOB-586 firmware 6.2.3 devices lack authentication for the preinstalled version of LWEB-802 via an lweb802_pre/ URI. An unauthenticated attacker can edit any project (or create a new project) and control its GUI.