Insecure Permissions in LINX Configurator 7.4.10: Remote Password Theft and Device Takeover
CVE-2023-46385 · HIGH Severity
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
LOYTEC electronics GmbH LINX Configurator 7.4.10 is vulnerable to Insecure Permissions. An admin credential is passed as a value of URL parameters without encryption, so it allows remote attackers to steal the password and gain full control of Loytec device configuration.
Learn more about our Web Application Penetration Testing UK.