CVE-2017-13992

Published: Oct 5, 2017Modified: May 13, 2026

8.1

Vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.2 / Impact: 5.9

Source: NVD

Description

An Insufficient Entropy issue was discovered in LOYTEC LVIS-3ME versions prior to 6.2.0. The application does not utilize sufficiently random number generation for the web interface authentication mechanism, which could allow remote code execution.

Affected (1)

Products: Loytec: Lvis 3me Firmware

Loytec

1 product

Lvis 3me Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Loytec Lvis 3me Firmware	Up to 6.1.1

Running on/with	Platform Versions
Loytec Lvis 3me	All versions

Related CWEs

CWE-331

Insufficient Entropy

The product uses an algorithm or scheme that produces insufficient entropy, leaving patterns or clusters of values that are more likely to occur than others.

References (4)

http://www.securityfocus.com/bid/100847

Source: ics-cert@hq.dhs.gov

Third Party AdvisoryVDB Entry

https://ics-cert.us-cert.gov/advisories/ICSA-17-257-01

Source: ics-cert@hq.dhs.gov

Third Party AdvisoryUS Government Resource

http://www.securityfocus.com/bid/100847

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://ics-cert.us-cert.gov/advisories/ICSA-17-257-01

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryUS Government Resource

Timeline

No history available yet.