Dover Fueling Solutions ProGauge MagLink LX4 Authentication Bypass Vulnerability

A vulnerability exists in Dover Fueling Solutions ProGauge MagLink LX4, LX4 Plus, and LX4 Ultimate devices, all prior to specific versions, due to a hardcoded secret used for validating authentication tokens. This flaw allows an attacker who obtains the signing key to bypass authentication and gain complete access to the system. Additionally, affected devices have default root credentials that cannot be changed through standard administrative means, further facilitating unauthorized access.

Impact

Exploitation of this vulnerability allows for authentication bypass, granting an attacker full administrative access to the affected system.

Remediation

Users are advised to update ProGauge MagLink LX4 and LX4 Plus devices to version 4.20.3 or later. For MagLink LX Ultimate devices, users should update to version 5.20.3 or later. The update can be downloaded from the Dover Fueling Solutions website. It is also recommended to install the software behind a firewall to minimize the risk of remote attacks.