S4E

CVE-2018-14918 Scanner

Detects 'Directory Traversal' vulnerability in LOYTEC LGATE-902 affects v. 6.3.2.

SCAN NOW

Short Info


Level

High

Single Scan

Single Scan

Can be used by

Asset Owner

Estimated Time

10 second

Time Interval

4 week

Scan only one

Url

Toolbox

-

The LOYTEC LGATE-902 is a popular device used in building automation systems. It is a communication gateway equipped with various features such as web server, protocol translations, and VPN connectivity. The device is widely used to control building equipment, such as HVAC and lighting, and to monitor environmental sensors. The LOYTEC LGATE-902 is deployed in a wide range of facilities including offices, hotels, and hospitals.

Recently, a security vulnerability was detected in the LOYTEC LGATE-902. This vulnerability is identified as CVE-2018-14918. The issue is a Directory Traversal vulnerability which occurs because the device fails to properly sanitize user input in its web interface. A malicious attacker could exploit this vulnerability to gain access to restricted files and directories within the device. 

This vulnerability could potentially lead to devastating consequences. Once exploited, an attacker can access sensitive data and manipulate the device's settings, causing equipment malfunctions and environmental hazards. For example, temperature and humidity settings in an HVAC unit could be modified, leading to damaging consequences in a facility and even putting occupants at risk. An attacker could also use the device as a pivot point to access other connected devices within the network. 

It is vital to stay informed about vulnerabilities in digital assets. With s4e.io, users can easily and quickly learn about vulnerabilities in their digital assets. The platform offers insightful articles and the latest news about the latest threats, providing valuable insights into how to improve security posture. Thanks to pro features, subscribers can also evaluate their assets and prioritize their mitigation procedures. By taking advantage of this platform, users can ensure they are always one step ahead of cyber attackers.

 

REFERENCES

Get started to protecting your Free Full Security Scan