{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-33603", "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "state": "PUBLISHED", "assignerShortName": "talos", "dateReserved": "2024-05-01T21:30:15.074Z", "datePublished": "2024-10-30T13:35:16.694Z", "dateUpdated": "2024-10-30T15:03:11.265Z"}, "containers": {"cna": {"affected": [{"vendor": "LevelOne", "product": "WBR-6012", "versions": [{"version": "R0.40e6", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "The LevelOne WBR-6012 router has an information disclosure vulnerability in its web application, which allows unauthenticated users to access a verbose system log page and obtain sensitive data, such as memory addresses and IP addresses for login attempts. This flaw could lead to session hijacking due to the device's reliance on IP address for authentication."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-200: Information Exposure", "type": "CWE", "cweId": "CWE-200"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM"}}], "providerMetadata": {"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "shortName": "talos", "dateUpdated": "2024-10-30T13:35:16.694Z"}, "references": [{"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1985", "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1985"}], "credits": [{"lang": "en", "value": "Discovered by Patrick DeSantis of Cisco Talos."}]}, "adp": [{"affected": [{"vendor": "levelone", "product": "wbr-6012", "cpes": ["cpe:2.3:a:levelone:wbr-6012:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "R0.40e6", "status": "affected"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-10-30T14:35:58.293823Z", "id": "CVE-2024-33603", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-30T14:36:27.102Z"}}, {"title": "CVE Program Container", "references": [{"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1985"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-10-30T15:03:11.265Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1985"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-10-30T15:03:11.265Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-33603", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-10-30T14:35:58.293823Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:levelone:wbr-6012:*:*:*:*:*:*:*:*"], "vendor": "levelone", "product": "wbr-6012", "versions": [{"status": "affected", "version": "R0.40e6"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-30T14:36:21.344Z"}}], "cna": {"credits": [{"lang": "en", "value": "Discovered by Patrick DeSantis of Cisco Talos."}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}], "affected": [{"vendor": "LevelOne", "product": "WBR-6012", "versions": [{"status": "affected", "version": "R0.40e6"}]}], "references": [{"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1985", "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1985"}], "descriptions": [{"lang": "en", "value": "The LevelOne WBR-6012 router has an information disclosure vulnerability in its web application, which allows unauthenticated users to access a verbose system log page and obtain sensitive data, such as memory addresses and IP addresses for login attempts. This flaw could lead to session hijacking due to the device's reliance on IP address for authentication."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-200", "description": "CWE-200: Information Exposure"}]}], "providerMetadata": {"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "shortName": "talos", "dateUpdated": "2024-10-30T13:35:16.694Z"}}}, "cveMetadata": {"cveId": "CVE-2024-33603", "state": "PUBLISHED", "dateUpdated": "2024-10-30T15:03:11.265Z", "dateReserved": "2024-05-01T21:30:15.074Z", "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "datePublished": "2024-10-30T13:35:16.694Z", "assignerShortName": "talos"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:level1:wbr-6012_firmware:r0.40e6:*:*:*:*:*:*:*", "matchCriteriaId": "FCC94B2E-4651-4E98-90A1-CB53CC2E24CC", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:level1:wbr-6012:-:*:*:*:*:*:*:*", "matchCriteriaId": "1FD255E3-0DBF-440C-AC6A-90B30DB59B34", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "The LevelOne WBR-6012 router has an information disclosure vulnerability in its web application, which allows unauthenticated users to access a verbose system log page and obtain sensitive data, such as memory addresses and IP addresses for login attempts. This flaw could lead to session hijacking due to the device's reliance on IP address for authentication."}, {"lang": "es", "value": "El enrutador LevelOne WBR-6012 tiene una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n en su aplicaci\u00f3n web, que permite a los usuarios no autenticados acceder a una p\u00e1gina de registro del sistema con muchos detalles y obtener datos confidenciales, como direcciones de memoria y direcciones IP para los intentos de inicio de sesi\u00f3n. Esta falla podr\u00eda provocar el secuestro de sesiones debido a la dependencia del dispositivo de la direcci\u00f3n IP para la autenticaci\u00f3n."}], "id": "CVE-2024-33603", "lastModified": "2024-11-21T09:17:14.493", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "talos-cna@cisco.com", "type": "Secondary"}]}, "published": "2024-10-30T14:15:06.330", "references": [{"source": "talos-cna@cisco.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1985"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1985"}], "sourceIdentifier": "talos-cna@cisco.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "talos-cna@cisco.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}