Loytec: Security Vulnerabilities
LOYTEC LGATE-902 6.3.2 devices allow Arbitrary file deletion.
CVSS Score
9.1
EPSS Score
0.682
Published
2019-06-28
LOYTEC LGATE-902 6.3.2 devices allow Directory Traversal.
CVSS Score
7.5
EPSS Score
0.731
Published
2019-06-28
LOYTEC LGATE-902 6.3.2 devices allow XSS.
CVSS Score
6.1
EPSS Score
0.018
Published
2019-06-28
An Insufficient Entropy issue was discovered in LOYTEC LVIS-3ME versions prior to 6.2.0. The application does not utilize sufficiently random number generation for the web interface authentication mechanism, which could allow remote code execution.
CVSS Score
8.1
EPSS Score
0.083
Published
2017-10-05
A Cross-site Scripting issue was discovered in LOYTEC LVIS-3ME versions prior to 6.2.0. The web interface lacks proper web request validation, which could allow XSS attacks to occur if an authenticated user of the web interface is tricked into clicking a malicious link.
CVSS Score
6.1
EPSS Score
0.003
Published
2017-10-05
A Relative Path Traversal issue was discovered in LOYTEC LVIS-3ME versions prior to 6.2.0. The web user interface fails to prevent access to critical files that non administrative users should not have access to, which could allow an attacker to create or modify files or execute arbitrary code.
CVSS Score
8.8
EPSS Score
0.02
Published
2017-10-05
An Insufficiently Protected Credentials issue was discovered in LOYTEC LVIS-3ME versions prior to 6.2.0. The application does not sufficiently protect sensitive information from unauthorized access.
CVSS Score
7.5
EPSS Score
0.004
Published
2017-10-05
LOYTEC LIP-3ECTB 6.0.1, LINX-100, LVIS-3E100, and LIP-ME201 devices allow remote attackers to read a password-hash backup file via unspecified vectors.
CVSS Score
10.0
EPSS Score
0.004
Published
2015-12-21
Page 2