CVE-2023-49593 - Vulnerability Details - OpenCVE

Leftover debug code exists in the boa formSysCmd functionality of LevelOne WBR-6013 RER4_A_v3411b_2T2R_LEV_09_170623. A specially crafted network request can lead to arbitrary command execution.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.0023.

Exploitation poc

Automatable no

Technical Impact total

Vendors	Products
Level1	Wbr-6013 Wbr-6013 Firmware
Level One	Wbr6013

Configuration 1 [-]

AND

cpe:2.3:o:level1:wbr-6013_firmware:rer4_a_v3411b_2t2r_lev_09_170623:*:*:*:*:*:*:*

cpe:2.3:h:level1:wbr-6013:-:*:*:*:*:*:*:*

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2023-53544	Leftover debug code exists in the boa formSysCmd functionality of LevelOne WBR-6013 RER4_A_v3411b_2T2R_LEV_09_170623. A specially crafted network request can lead to arbitrary command execution.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1873
https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1873

History

Tue, 04 Nov 2025 18:30:00 +0000

Type	Values Removed	Values Added
References		https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1873

Tue, 04 Nov 2025 18:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Level One Level One wbr6013
CPEs		cpe:2.3:a:level_one:wbr6013:rer4_a_v3411b_2t2r_lev_09_170623:::::::*
Vendors & Products		Level One Level One wbr6013
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: talos

Published: 2024-07-08T15:22:29.162Z

Updated: 2025-11-04T17:13:19.140Z

Reserved: 2023-11-30T13:39:07.409Z

Link: CVE-2023-49593

Vulnrichment

Updated: 2025-11-04T17:13:19.140Z

NVD

Status : Modified

Published: 2024-07-08T16:15:05.090

Modified: 2025-11-04T18:15:44.323

Link: CVE-2023-49593

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "cveMetadata": {"cveId": "CVE-2023-49593", "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "state": "PUBLISHED", "assignerShortName": "talos", "dateReserved": "2023-11-30T13:39:07.409Z", "datePublished": "2024-07-08T15:22:29.162Z", "dateUpdated": "2025-11-04T17:13:19.140Z"}, "containers": {"cna": {"affected": [{"vendor": "LevelOne", "product": "WBR-6013", "versions": [{"version": "RER4_A_v3411b_2T2R_LEV_09_170623", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "Leftover debug code exists in the boa formSysCmd functionality of LevelOne WBR-6013 RER4_A_v3411b_2T2R_LEV_09_170623. A specially crafted network request can lead to arbitrary command execution."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-489: Leftover Debug Code", "type": "CWE", "cweId": "CWE-489"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH"}}], "providerMetadata": {"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "shortName": "talos", "dateUpdated": "2024-07-08T17:00:17.626Z"}, "references": [{"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1873", "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1873"}], "credits": [{"lang": "en", "value": "Discovered by Francesco Benvenuto of Cisco Talos."}]}, "adp": [{"affected": [{"vendor": "level_one", "product": "wbr6013", "cpes": ["cpe:2.3:a:level_one:wbr6013:rer4_a_v3411b_2t2r_lev_09_170623:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "rer4_a_v3411b_2t2r_lev_09_170623", "status": "affected"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-07-08T16:29:03.555096Z", "id": "CVE-2023-49593", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-08T16:29:09.941Z"}}, {"title": "CVE Program Container", "references": [{"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1873", "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1873", "tags": ["x_transferred"]}, {"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1873"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-11-04T17:13:19.140Z"}}]}, "dataVersion": "5.2"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1873", "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1873", "tags": ["x_transferred"]}, {"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1873"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-11-04T17:13:19.140Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-49593", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-07-08T16:29:03.555096Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:level_one:wbr6013:rer4_a_v3411b_2t2r_lev_09_170623:*:*:*:*:*:*:*"], "vendor": "level_one", "product": "wbr6013", "versions": [{"status": "affected", "version": "rer4_a_v3411b_2t2r_lev_09_170623"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-08T16:28:39.301Z"}}], "cna": {"credits": [{"lang": "en", "value": "Discovered by Francesco Benvenuto of Cisco Talos."}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "LevelOne", "product": "WBR-6013", "versions": [{"status": "affected", "version": "RER4_A_v3411b_2T2R_LEV_09_170623"}]}], "references": [{"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1873", "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1873"}], "descriptions": [{"lang": "en", "value": "Leftover debug code exists in the boa formSysCmd functionality of LevelOne WBR-6013 RER4_A_v3411b_2T2R_LEV_09_170623. A specially crafted network request can lead to arbitrary command execution."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-489", "description": "CWE-489: Leftover Debug Code"}]}], "providerMetadata": {"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "shortName": "talos", "dateUpdated": "2024-07-08T17:00:17.626Z"}}}, "cveMetadata": {"cveId": "CVE-2023-49593", "state": "PUBLISHED", "dateUpdated": "2025-11-04T17:13:19.140Z", "dateReserved": "2023-11-30T13:39:07.409Z", "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "datePublished": "2024-07-08T15:22:29.162Z", "assignerShortName": "talos"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:level1:wbr-6013_firmware:rer4_a_v3411b_2t2r_lev_09_170623:*:*:*:*:*:*:*", "matchCriteriaId": "79082BA3-FBC4-4F38-8897-37E70D7B83D3", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:level1:wbr-6013:-:*:*:*:*:*:*:*", "matchCriteriaId": "59DE58EE-DF41-48A2-B048-65A0666808F1", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Leftover debug code exists in the boa formSysCmd functionality of LevelOne WBR-6013 RER4_A_v3411b_2T2R_LEV_09_170623. A specially crafted network request can lead to arbitrary command execution."}, {"lang": "es", "value": "Existe c\u00f3digo de depuraci\u00f3n sobrante en la funcionalidad boa formSysCmd de LevelOne WBR-6013 RER4_A_v3411b_2T2R_LEV_09_170623. Una solicitud de red especialmente manipulada puede provocar la ejecuci\u00f3n de un comando arbitrario."}], "id": "CVE-2023-49593", "lastModified": "2025-11-04T18:15:44.323", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "talos-cna@cisco.com", "type": "Secondary"}]}, "published": "2024-07-08T16:15:05.090", "references": [{"source": "talos-cna@cisco.com", "tags": ["Third Party Advisory"], "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1873"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1873"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1873"}], "sourceIdentifier": "talos-cna@cisco.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-489"}], "source": "talos-cna@cisco.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}