The LevelOne WBR-6012 router with firmware R0.40e6 has an authentication bypass vulnerability in its web application due to reliance on client IP addresses for authentication. Attackers could spoof an IP address to gain unauthorized access without needing a session token.
History

Fri, 22 Nov 2024 12:00:00 +0000


Fri, 08 Nov 2024 18:45:00 +0000

Type Values Removed Values Added
First Time appeared Level1
Level1 wbr-6012
Level1 wbr-6012 Firmware
CPEs cpe:2.3:h:level1:wbr-6012:-:*:*:*:*:*:*:*
cpe:2.3:o:level1:wbr-6012_firmware:r0.40e6:*:*:*:*:*:*:*
Vendors & Products Level1
Level1 wbr-6012
Level1 wbr-6012 Firmware

Wed, 30 Oct 2024 15:15:00 +0000

Type Values Removed Values Added
First Time appeared Levelone
Levelone wbr-6012
CPEs cpe:2.3:a:levelone:wbr-6012:*:*:*:*:*:*:*:*
Vendors & Products Levelone
Levelone wbr-6012
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Wed, 30 Oct 2024 13:45:00 +0000

Type Values Removed Values Added
Description The LevelOne WBR-6012 router with firmware R0.40e6 has an authentication bypass vulnerability in its web application due to reliance on client IP addresses for authentication. Attackers could spoof an IP address to gain unauthorized access without needing a session token.
Weaknesses CWE-291
References
Metrics cvssV3_1

{'score': 9, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H'}


cve-icon MITRE

Status: PUBLISHED

Assigner: talos

Published: 2024-10-30T13:35:15.373Z

Updated: 2024-10-30T15:03:05.748Z

Reserved: 2024-05-06T19:45:48.535Z

Link: CVE-2024-23309

cve-icon Vulnrichment

Updated: 2024-10-30T15:03:05.748Z

cve-icon NVD

Status : Modified

Published: 2024-10-30T14:15:04.153

Modified: 2024-11-21T08:57:28.620

Link: CVE-2024-23309

cve-icon Redhat

No data.