CVE-2024-33623 - OpenCVE

A denial of service vulnerability exists in the Web Application functionality of LevelOne WBR-6012 R0.40e6. A specially crafted HTTP request can lead to a reboot. An attacker can send an HTTP request to trigger this vulnerability.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact Low

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Level1	Wbr-6012 Wbr-6012 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:level1:wbr-6012_firmware:r0.40e6:*:*:*:*:*:*:*

cpe:2.3:h:level1:wbr-6012:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://talosintelligence.com/vulnerability_reports/TALOS-2024-2001

History

Wed, 13 Nov 2024 19:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Level1 Level1 wbr-6012 Level1 wbr-6012 Firmware
CPEs		cpe:2.3:h:level1:wbr-6012:-:::::::* cpe:2.3:o:level1:wbr-6012_firmware:r0.40e6:::::::*
Vendors & Products		Level1 Level1 wbr-6012 Level1 wbr-6012 Firmware

Wed, 30 Oct 2024 14:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Wed, 30 Oct 2024 13:45:00 +0000

Type	Values Removed	Values Added
Description		A denial of service vulnerability exists in the Web Application functionality of LevelOne WBR-6012 R0.40e6. A specially crafted HTTP request can lead to a reboot. An attacker can send an HTTP request to trigger this vulnerability.
Weaknesses		CWE-835
References		https://talosintelligence.com/vulnerability_reports/TALOS-2024-2001
Metrics		cvssV3_1 `{'score': 3.7, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L'}`

MITRE

Status: PUBLISHED

Assigner: talos

Published: 2024-10-30T13:35:13.192Z

Updated: 2024-10-30T15:03:12.345Z

Reserved: 2024-05-10T16:58:46.760Z

Link: CVE-2024-33623

Vulnrichment

Updated: 2024-10-30T15:03:12.345Z

NVD

Status : Analyzed

Published: 2024-10-30T14:15:06.597

Modified: 2024-11-13T18:43:10.740

Link: CVE-2024-33623

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-33623", "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "state": "PUBLISHED", "assignerShortName": "talos", "dateReserved": "2024-05-10T16:58:46.760Z", "datePublished": "2024-10-30T13:35:13.192Z", "dateUpdated": "2024-10-30T15:03:12.345Z"}, "containers": {"cna": {"affected": [{"vendor": "LevelOne", "product": "WBR-6012", "versions": [{"version": "R0.40e6", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "A denial of service vulnerability exists in the Web Application functionality of LevelOne WBR-6012 R0.40e6. A specially crafted HTTP request can lead to a reboot. An attacker can send an HTTP request to trigger this vulnerability."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')", "type": "CWE", "cweId": "CWE-835"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "LOW", "baseScore": 3.7, "baseSeverity": "LOW"}}], "providerMetadata": {"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "shortName": "talos", "dateUpdated": "2024-10-30T13:35:13.192Z"}, "references": [{"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-2001", "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-2001"}], "credits": [{"lang": "en", "value": "Discovered by Patrick DeSantis of Cisco Talos."}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-10-30T14:06:50.802653Z", "id": "CVE-2024-33623", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-30T14:07:04.336Z"}}, {"title": "CVE Program Container", "references": [{"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-2001"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-10-30T15:03:12.345Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-2001"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-10-30T15:03:12.345Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-33623", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-10-30T14:06:50.802653Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-30T14:06:59.063Z"}}], "cna": {"credits": [{"lang": "en", "value": "Discovered by Patrick DeSantis of Cisco Talos."}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.7, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "LevelOne", "product": "WBR-6012", "versions": [{"status": "affected", "version": "R0.40e6"}]}], "references": [{"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-2001", "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-2001"}], "descriptions": [{"lang": "en", "value": "A denial of service vulnerability exists in the Web Application functionality of LevelOne WBR-6012 R0.40e6. A specially crafted HTTP request can lead to a reboot. An attacker can send an HTTP request to trigger this vulnerability."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-835", "description": "CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')"}]}], "providerMetadata": {"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "shortName": "talos", "dateUpdated": "2024-10-30T13:35:13.192Z"}}}, "cveMetadata": {"cveId": "CVE-2024-33623", "state": "PUBLISHED", "dateUpdated": "2024-10-30T15:03:12.345Z", "dateReserved": "2024-05-10T16:58:46.760Z", "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "datePublished": "2024-10-30T13:35:13.192Z", "assignerShortName": "talos"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:level1:wbr-6012_firmware:r0.40e6:*:*:*:*:*:*:*", "matchCriteriaId": "FCC94B2E-4651-4E98-90A1-CB53CC2E24CC", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:level1:wbr-6012:-:*:*:*:*:*:*:*", "matchCriteriaId": "1FD255E3-0DBF-440C-AC6A-90B30DB59B34", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A denial of service vulnerability exists in the Web Application functionality of LevelOne WBR-6012 R0.40e6. A specially crafted HTTP request can lead to a reboot. An attacker can send an HTTP request to trigger this vulnerability."}, {"lang": "es", "value": "Existe una vulnerabilidad de denegaci\u00f3n de servicio en la funcionalidad de la aplicaci\u00f3n web de LevelOne WBR-6012 R0.40e6. Una solicitud HTTP especialmente manipulada puede provocar un reinicio. Un atacante puede enviar una solicitud HTTP para activar esta vulnerabilidad."}], "id": "CVE-2024-33623", "lastModified": "2024-11-13T18:43:10.740", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 3.7, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 1.4, "source": "talos-cna@cisco.com", "type": "Secondary"}]}, "published": "2024-10-30T14:15:06.597", "references": [{"source": "talos-cna@cisco.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-2001"}], "sourceIdentifier": "talos-cna@cisco.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-835"}], "source": "talos-cna@cisco.com", "type": "Primary"}]}