The LevelOne WBR-6012 router has an information disclosure vulnerability in its web application, which allows unauthenticated users to access a verbose system log page and obtain sensitive data, such as memory addresses and IP addresses for login attempts. This flaw could lead to session hijacking due to the device's reliance on IP address for authentication.
Metrics
Affected Vendors & Products
References
History
Fri, 22 Nov 2024 12:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
References |
|
Wed, 13 Nov 2024 19:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Level1
Level1 wbr-6012 Level1 wbr-6012 Firmware |
|
Weaknesses | NVD-CWE-noinfo | |
CPEs | cpe:2.3:h:level1:wbr-6012:-:*:*:*:*:*:*:* cpe:2.3:o:level1:wbr-6012_firmware:r0.40e6:*:*:*:*:*:*:* |
|
Vendors & Products |
Level1
Level1 wbr-6012 Level1 wbr-6012 Firmware |
Wed, 30 Oct 2024 15:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Levelone
Levelone wbr-6012 |
|
CPEs | cpe:2.3:a:levelone:wbr-6012:*:*:*:*:*:*:*:* | |
Vendors & Products |
Levelone
Levelone wbr-6012 |
|
Metrics |
ssvc
|
Wed, 30 Oct 2024 13:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | The LevelOne WBR-6012 router has an information disclosure vulnerability in its web application, which allows unauthenticated users to access a verbose system log page and obtain sensitive data, such as memory addresses and IP addresses for login attempts. This flaw could lead to session hijacking due to the device's reliance on IP address for authentication. | |
Weaknesses | CWE-200 | |
References |
| |
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: talos
Published: 2024-10-30T13:35:16.694Z
Updated: 2024-10-30T15:03:11.265Z
Reserved: 2024-05-01T21:30:15.074Z
Link: CVE-2024-33603
Vulnrichment
Updated: 2024-10-30T15:03:11.265Z
NVD
Status : Modified
Published: 2024-10-30T14:15:06.330
Modified: 2024-11-21T09:17:14.493
Link: CVE-2024-33603
Redhat
No data.