CVE-2024-33603

The LevelOne WBR-6012 router has an information disclosure vulnerability in its web application, which allows unauthenticated users to access a verbose system log page and obtain sensitive data, such as memory addresses and IP addresses for login attempts. This flaw could lead to session hijacking due to the device's reliance on IP address for authentication.

CVSS v3 5.3 MEDIUM

5.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://talosintelligence.com/vulnerability_reports/TALOS-2024-1985	Exploit Third Party Advisory
https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1985

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:level1:wbr-6012_firmware:r0.40e6:*:*:*:*:*:*:*

cpe:2.3:h:level1:wbr-6012:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2024-10-30 14:15

Updated : 2024-11-21 09:17

NVD link : CVE-2024-33603

Mitre link : CVE-2024-33603

CVE.ORG link : CVE-2024-33603

JSON object : View

Products Affected

level1

wbr-6012
wbr-6012_firmware

CWE

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

NVD-CWE-noinfo

{"id": "CVE-2024-33603", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "talos-cna@cisco.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 3.9}]}, "published": "2024-10-30T14:15:06.330", "references": [{"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1985", "tags": ["Exploit", "Third Party Advisory"], "source": "talos-cna@cisco.com"}, {"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1985", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "talos-cna@cisco.com", "description": [{"lang": "en", "value": "CWE-200"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "The LevelOne WBR-6012 router has an information disclosure vulnerability in its web application, which allows unauthenticated users to access a verbose system log page and obtain sensitive data, such as memory addresses and IP addresses for login attempts. This flaw could lead to session hijacking due to the device's reliance on IP address for authentication."}, {"lang": "es", "value": "El enrutador LevelOne WBR-6012 tiene una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n en su aplicaci\u00f3n web, que permite a los usuarios no autenticados acceder a una p\u00e1gina de registro del sistema con muchos detalles y obtener datos confidenciales, como direcciones de memoria y direcciones IP para los intentos de inicio de sesi\u00f3n. Esta falla podr\u00eda provocar el secuestro de sesiones debido a la dependencia del dispositivo de la direcci\u00f3n IP para la autenticaci\u00f3n."}], "lastModified": "2024-11-21T09:17:14.493", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:level1:wbr-6012_firmware:r0.40e6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FCC94B2E-4651-4E98-90A1-CB53CC2E24CC"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:level1:wbr-6012:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "1FD255E3-0DBF-440C-AC6A-90B30DB59B34"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "talos-cna@cisco.com"}