Skip to content
Breaking
Latest technical intelligence from Northeast India • Infrastructure, AI, Cloud & Security Analysis • Precision Analysis | Raw Intelligence | Your North Star of Tech Latest technical intelligence from Northeast India • Infrastructure, AI, Cloud & Security Analysis • Precision Analysis | Raw Intelligence | Your North Star of Tech
SECURITY

Security Alert: CVE-2023-46380

CVE-2023-46380: Cleartext Password Vulnerability in LOYTEC Devices

Critical Vulnerability Discovered in LOYTEC Devices

A recently disclosed vulnerability, CVE-2023-46380, poses a significant risk to users of certain LOYTEC devices in North East India and across India. This issue affects several models, including LINX-151, LINX-212, LVIS-3ME12-A1, LIOB-586, LIOB-580 V2, LIOB-588, and L-INX Configurator devices.

Cleartext Transmission of Sensitive Information

The vulnerability lies in the devices' transmission of password-change requests via cleartext HTTP. This means that an attacker within the network can intercept these requests, potentially gaining unauthorized access to user accounts.

Implications for North East India and India

With the increasing adoption of smart building automation systems in India, including North East India, the potential impact of this vulnerability is significant. If exploited, it could lead to unauthorized access and control of building automation systems, potentially compromising security, comfort, and energy efficiency.

CVSS Scores and Vectors

The Common Vulnerability Scoring System (CVSS) provides a standardized method for assessing the severity of cybersecurity vulnerabilities. According to the latest CVSS Version 4.0, the base score for this vulnerability is 7.5, categorizing it as a HIGH severity issue.

Affected Devices and Solutions

Specifically, the vulnerability affects LINX-212 firmware 6.2.4, LVIS-3ME12-A1 firmware 6.2.2, and LIOB-586 firmware 6.2.3. Users are strongly advised to update their devices to the latest firmware versions to mitigate this risk.

Looking Forward

As our reliance on smart systems grows, so does the importance of securing them against potential threats. This incident serves as a reminder for manufacturers to prioritize security in their product development processes and for users to stay vigilant and keep their systems updated.