GCVE - cpe:2.3:o:loytec:lvis-3me_firmware:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:o:loytec:lvis-3me_firmware:*:*:*:*:*:*:*:*

part: o version: * update: *

Vendor	Loytec (`6190caa2-852a-5dba-b6c8-40e7b31c6b3d`)
Product	Lvis 3Me Firmware (`ee1934af-77ff-5c78-87a9-fa8acba25f33`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2017-13998`	vulnerable	2026-06-03 14:36:38.231856	Details available An Insufficiently Protected Credentials issue was discovered in LOYTEC LVIS-3ME versions prior to 6.2.0. The application does not sufficiently protect sensitive information from unauthorized access. Published: 2017-10-05T21:00:00.000Z Updated: 2024-08-05T19:13:41.639Z Open on db.gcve.eu Reference links https://ics-cert.us-cert.gov/advisories/ICSA-17-257-01 http://www.securityfocus.com/bid/100847	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2017-13996`	vulnerable	2026-06-03 14:36:38.227062	Details available A Relative Path Traversal issue was discovered in LOYTEC LVIS-3ME versions prior to 6.2.0. The web user interface fails to prevent access to critical files that non administrative users should not have access to, which could allow an attacker to create or modify files or execute arbitrary code. Published: 2017-10-05T21:00:00.000Z Updated: 2024-08-05T19:13:41.505Z Open on db.gcve.eu Reference links https://ics-cert.us-cert.gov/advisories/ICSA-17-257-01 http://www.securityfocus.com/bid/100847	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2017-13994`	vulnerable	2026-06-03 14:36:38.223725	Details available A Cross-site Scripting issue was discovered in LOYTEC LVIS-3ME versions prior to 6.2.0. The web interface lacks proper web request validation, which could allow XSS attacks to occur if an authenticated user of the web interface is tricked into clicking a malicious link. Published: 2017-10-05T21:00:00.000Z Updated: 2024-08-05T19:13:41.592Z Open on db.gcve.eu Reference links https://ics-cert.us-cert.gov/advisories/ICSA-17-257-01 http://www.securityfocus.com/bid/100847	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2017-13992`	vulnerable	2026-06-03 14:36:38.219681	Details available An Insufficient Entropy issue was discovered in LOYTEC LVIS-3ME versions prior to 6.2.0. The application does not utilize sufficiently random number generation for the web interface authentication mechanism, which could allow remote code execution. Published: 2017-10-05T21:00:00.000Z Updated: 2024-08-05T19:13:41.672Z Open on db.gcve.eu Reference links https://ics-cert.us-cert.gov/advisories/ICSA-17-257-01 http://www.securityfocus.com/bid/100847	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.