The LevelOne WBR-6012 router has an information disclosure vulnerability in its web application, which allows unauthenticated users to access a verbose system log page and obtain sensitive data, such as memory addresses and IP addresses for login attempts. This flaw could lead to session hijacking due to the device's reliance on IP address for authentication.
History

Fri, 22 Nov 2024 12:00:00 +0000


Wed, 13 Nov 2024 19:00:00 +0000

Type Values Removed Values Added
First Time appeared Level1
Level1 wbr-6012
Level1 wbr-6012 Firmware
Weaknesses NVD-CWE-noinfo
CPEs cpe:2.3:h:level1:wbr-6012:-:*:*:*:*:*:*:*
cpe:2.3:o:level1:wbr-6012_firmware:r0.40e6:*:*:*:*:*:*:*
Vendors & Products Level1
Level1 wbr-6012
Level1 wbr-6012 Firmware

Wed, 30 Oct 2024 15:15:00 +0000

Type Values Removed Values Added
First Time appeared Levelone
Levelone wbr-6012
CPEs cpe:2.3:a:levelone:wbr-6012:*:*:*:*:*:*:*:*
Vendors & Products Levelone
Levelone wbr-6012
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 30 Oct 2024 13:45:00 +0000

Type Values Removed Values Added
Description The LevelOne WBR-6012 router has an information disclosure vulnerability in its web application, which allows unauthenticated users to access a verbose system log page and obtain sensitive data, such as memory addresses and IP addresses for login attempts. This flaw could lead to session hijacking due to the device's reliance on IP address for authentication.
Weaknesses CWE-200
References
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: talos

Published: 2024-10-30T13:35:16.694Z

Updated: 2024-10-30T15:03:11.265Z

Reserved: 2024-05-01T21:30:15.074Z

Link: CVE-2024-33603

cve-icon Vulnrichment

Updated: 2024-10-30T15:03:11.265Z

cve-icon NVD

Status : Modified

Published: 2024-10-30T14:15:06.330

Modified: 2024-11-21T09:17:14.493

Link: CVE-2024-33603

cve-icon Redhat

No data.