CVE-2023-46383
Severity:
HIGH
Type:
CWE-319
Cleartext Transmission of Sensitive Information
Publication date:
30/11/2023
Last modified:
14/12/2023
Description
LOYTEC electronics GmbH LINX Configurator 7.4.10 uses HTTP Basic Authentication, which transmits usernames and passwords in base64-encoded cleartext and allows remote attackers to steal the password and gain full control of Loytec device configuration.
Impact
Base Score 3.x
7.50
Severity 3.x
HIGH
Vulnerable products and versions
CPE | From | Up to |
---|---|---|
cpe:2.3:a:loytec:l-inx_configurator:7.4.10:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page