Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Loytec Subscribe
Filtered by product Lvis-3me Firmware
Total 4 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2017-13992 1 Loytec 2 Lvis-3me, Lvis-3me Firmware 2019-10-09 6.8 MEDIUM 8.1 HIGH
An Insufficient Entropy issue was discovered in LOYTEC LVIS-3ME versions prior to 6.2.0. The application does not utilize sufficiently random number generation for the web interface authentication mechanism, which could allow remote code execution.
CVE-2017-13994 1 Loytec 2 Lvis-3me, Lvis-3me Firmware 2019-10-09 4.3 MEDIUM 6.1 MEDIUM
A Cross-site Scripting issue was discovered in LOYTEC LVIS-3ME versions prior to 6.2.0. The web interface lacks proper web request validation, which could allow XSS attacks to occur if an authenticated user of the web interface is tricked into clicking a malicious link.
CVE-2017-13996 1 Loytec 2 Lvis-3me, Lvis-3me Firmware 2019-10-09 6.5 MEDIUM 8.8 HIGH
A Relative Path Traversal issue was discovered in LOYTEC LVIS-3ME versions prior to 6.2.0. The web user interface fails to prevent access to critical files that non administrative users should not have access to, which could allow an attacker to create or modify files or execute arbitrary code.
CVE-2017-13998 1 Loytec 2 Lvis-3me, Lvis-3me Firmware 2019-10-09 6.0 MEDIUM 7.5 HIGH
An Insufficiently Protected Credentials issue was discovered in LOYTEC LVIS-3ME versions prior to 6.2.0. The application does not sufficiently protect sensitive information from unauthorized access.