Insecure Permissions in LINX Configurator 7.4.10: Remote Password Theft and Device Takeover

Insecure Permissions in LINX Configurator 7.4.10: Remote Password Theft and Device Takeover

CVE-2023-46385 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

LOYTEC electronics GmbH LINX Configurator 7.4.10 is vulnerable to Insecure Permissions. An admin credential is passed as a value of URL parameters without encryption, so it allows remote attackers to steal the password and gain full control of Loytec device configuration.

Learn more about our Web Application Penetration Testing UK.